Summary: | <sys-devel/binutils-2.30-r2: multiple vulnerabilities (CVE-2018-{6543,6759,6872}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | toolchain |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A3 [glsa+ cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 651576, 655574 | ||
Bug Blocks: |
Description
GLSAMaker/CVETool Bot
2018-02-16 00:41:52 UTC
(In reply to GLSAMaker/CVETool Bot from comment #0) > CVE-2018-6872 (https://nvd.nist.gov/vuln/detail/CVE-2018-6872): > The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) > library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote > attackers to cause a denial of service (out-of-bounds read and segmentation > violation) via a note with a large alignment. Fix queued for binutils 2.30 patchset 2 (from upstream 2.30 branch) > CVE-2018-6759 (https://nvd.nist.gov/vuln/detail/CVE-2018-6759): > The bfd_get_debug_link_info_1 function in opncls.c in the Binary File > Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, > has an unchecked strnlen operation. Remote attackers could leverage this > vulnerability to cause a denial of service (segmentation fault) via a > crafted ELF file. Fix queued for binutils 2.30 patchset 2 (cherry-picked from upstream master) > CVE-2018-6543 (https://nvd.nist.gov/vuln/detail/CVE-2018-6543): > In GNU Binutils 2.30, there's an integer overflow in the function > load_specific_debug_section() in objdump.c, which results in `malloc()` > with > 0 size. A crafted ELF file allows remote attackers to cause a denial of > service (application crash) or possibly have unspecified other impact. Fix queued for binutils 2.30 patchset 2 (cherry-picked from upstream master) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8c7fe7564dc60dd6caa3afd787728acb43fc7abe commit 8c7fe7564dc60dd6caa3afd787728acb43fc7abe Author: Andreas K. Hüttel <dilfridge@gentoo.org> AuthorDate: 2018-04-29 20:07:56 +0000 Commit: Andreas K. Hüttel <dilfridge@gentoo.org> CommitDate: 2018-04-29 20:08:06 +0000 sys-devel/binutils: Revision bump (no keywords), 2.30 patchset 2 Bug: https://bugs.gentoo.org/502492 Bug: https://bugs.gentoo.org/647798 Bug: https://bugs.gentoo.org/647296 Bug: https://bugs.gentoo.org/649690 Bug: https://bugs.gentoo.org/651576 Package-Manager: Portage-2.3.31, Repoman-2.3.9 sys-devel/binutils/Manifest | 1 + sys-devel/binutils/binutils-2.30-r2.ebuild | 417 +++++++++++++++++++++++++++++ 2 files changed, 418 insertions(+)} This issue was resolved and addressed in GLSA 201811-17 at https://security.gentoo.org/glsa/201811-17 by GLSA coordinator Aaron Bauman (b-man). |