Bug 647798

Summary: <sys-devel/binutils-2.30-r2: multiple vulnerabilities (CVE-2018-{6543,6759,6872})
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: toolchain
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: A3 [glsa+ cve]
Package list:
Runtime testing required: ---
Bug Depends on: 651576, 655574    
Bug Blocks:    

Description GLSAMaker/CVETool Bot gentoo-dev 2018-02-16 00:41:52 UTC
CVE-2018-6872 (https://nvd.nist.gov/vuln/detail/CVE-2018-6872):
  The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD)
  library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote
  attackers to cause a denial of service (out-of-bounds read and segmentation
  violation) via a note with a large alignment.

CVE-2018-6759 (https://nvd.nist.gov/vuln/detail/CVE-2018-6759):
  The bfd_get_debug_link_info_1 function in opncls.c in the Binary File
  Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30,
  has an unchecked strnlen operation. Remote attackers could leverage this
  vulnerability to cause a denial of service (segmentation fault) via a
  crafted ELF file.

CVE-2018-6543 (https://nvd.nist.gov/vuln/detail/CVE-2018-6543):
  In GNU Binutils 2.30, there's an integer overflow in the function
  load_specific_debug_section() in objdump.c, which results in `malloc()` with
  0 size. A crafted ELF file allows remote attackers to cause a denial of
  service (application crash) or possibly have unspecified other impact.

Comment 1 Andreas K. Hüttel gentoo-dev 2018-04-29 19:02:19 UTC
(In reply to GLSAMaker/CVETool Bot from comment #0)
> CVE-2018-6872 (https://nvd.nist.gov/vuln/detail/CVE-2018-6872):
>   The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD)
>   library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote
>   attackers to cause a denial of service (out-of-bounds read and segmentation
>   violation) via a note with a large alignment.

Fix queued for binutils 2.30 patchset 2 (from upstream 2.30 branch)

> CVE-2018-6759 (https://nvd.nist.gov/vuln/detail/CVE-2018-6759):
>   The bfd_get_debug_link_info_1 function in opncls.c in the Binary File
>   Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30,
>   has an unchecked strnlen operation. Remote attackers could leverage this
>   vulnerability to cause a denial of service (segmentation fault) via a
>   crafted ELF file.

Fix queued for binutils 2.30 patchset 2 (cherry-picked from upstream master)

> CVE-2018-6543 (https://nvd.nist.gov/vuln/detail/CVE-2018-6543):
>   In GNU Binutils 2.30, there's an integer overflow in the function
>   load_specific_debug_section() in objdump.c, which results in `malloc()` with
>   0 size. A crafted ELF file allows remote attackers to cause a denial of
>   service (application crash) or possibly have unspecified other impact.

Fix queued for binutils 2.30 patchset 2 (cherry-picked from upstream master)

Comment 2 Larry the Git Cow gentoo-dev 2018-04-29 20:08:23 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8c7fe7564dc60dd6caa3afd787728acb43fc7abe

commit 8c7fe7564dc60dd6caa3afd787728acb43fc7abe
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2018-04-29 20:07:56 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2018-04-29 20:08:06 +0000

    sys-devel/binutils: Revision bump (no keywords), 2.30 patchset 2
    
    Bug: https://bugs.gentoo.org/502492
    Bug: https://bugs.gentoo.org/647798
    Bug: https://bugs.gentoo.org/647296
    Bug: https://bugs.gentoo.org/649690
    Bug: https://bugs.gentoo.org/651576
    Package-Manager: Portage-2.3.31, Repoman-2.3.9

 sys-devel/binutils/Manifest                |   1 +
 sys-devel/binutils/binutils-2.30-r2.ebuild | 417 +++++++++++++++++++++++++++++
 2 files changed, 418 insertions(+)

Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2018-11-27 02:02:07 UTC
This issue was resolved and addressed in
 GLSA 201811-17 at https://security.gentoo.org/glsa/201811-17
by GLSA coordinator Aaron Bauman (b-man).