Summary: | <sys-devel/binutils-2.35: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | D'juan McDonald (domhnall) <flopwiki> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | ab4bd, alexey+gentoo, bertrand, sergeev917 |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A2 [glsa+ cve] | ||
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 761957, 766734, 779805 | ||
Bug Blocks: | | ||
Description
D'juan McDonald (domhnall)
2019-02-26 06:39:45 UTC
> (https://nvd.nist.gov/vuln/detail/CVE-2019-9077):
> An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer
> overflow in process_mips_specific in readelf.c via a malformed MIPS option
> section.
>
> Upstream Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=24243

Fixed in Gentoo 2.32 branch, will be in patchset 3

> (https://nvd.nist.gov/vuln/detail/CVE-2019-9076):
> An issue was discovered in the Binary File Descriptor (BFD) library (aka
> libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive
> memory allocation in elf_read_notes in elf.c.
>
> Note: upstream ruling as normal behavior and WONTFIX
> https://sourceware.org/bugzilla/show_bug.cgi?id=24238

No action.

> (https://nvd.nist.gov/vuln/detail/CVE-2019-9075):
> An issue was discovered in the Binary File Descriptor (BFD) library (aka
> libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer
> overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.
>
> Upstream Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=24236

Fixed in Gentoo 2.32 branch, will be in patchset 3

> (https://nvd.nist.gov/vuln/detail/CVE-2019-9074):
> An issue was discovered in the Binary File Descriptor (BFD) library (aka
> libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read
> leading to a SEGV in bfd_getl32 in libbfd.c, when called from
> pex64_get_runtime_function in pei-x86_64.c.
>
> Upstream Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=24235

Fixed in Gentoo 2.32 branch, will be in patchset 3

> (https://nvd.nist.gov/vuln/detail/CVE-2019-9073):
> An issue was discovered in the Binary File Descriptor (BFD) library (aka
> libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive
> memory allocation in _bfd_elf_slurp_version_tables in elf.c.
>
> Upstream Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=24233

Fixed in Gentoo 2.32 branch, will be in patchset 3

> (https://nvd.nist.gov/vuln/detail/CVE-2019-9072):
> An issue was discovered in the Binary File Descriptor (BFD) library (aka
> libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive
> memory allocation in setup_group in elf.c.
>
> Upstream Reference: (WONTFIX)
> https://sourceware.org/bugzilla/show_bug.cgi?id=24232

Upstream not-a-bug

> (https://nvd.nist.gov/vuln/detail/CVE-2019-9071):
> An issue was discovered in GNU libiberty, as distributed in GNU Binutils
> 2.32. It is a stack consumption issue in d_count_templates_scopes in
> cp-demangle.c after many recursive calls.
>
> Upstream Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=24227

Problem is in libiberty

> (https://nvd.nist.gov/vuln/detail/CVE-2019-9070):
> An issue was discovered in GNU libiberty, as distributed in GNU Binutils
> 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c
> after many recursive calls.
>
> Upstream Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=24229

Problem is in libiberty

(In reply to Andreas K. Hüttel from comment #1)
> > (https://nvd.nist.gov/vuln/detail/CVE-2019-9071):
> > An issue was discovered in GNU libiberty, as distributed in GNU Binutils
> > 2.32. It is a stack consumption issue in d_count_templates_scopes in
> > cp-demangle.c after many recursive calls.
> >
> > Upstream Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=24227
>
> Problem is in libiberty

Fixed in binutils 2.35 (upcoming):
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89394#c10

> > (https://nvd.nist.gov/vuln/detail/CVE-2019-9070):
> > An issue was discovered in GNU libiberty, as distributed in GNU Binutils
> > 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c
> > after many recursive calls.
> >
> > Upstream Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=24229
>
> Problem is in libiberty

Seems to be same as above, fixed in 2.35.

(In reply to Sam James from comment #2)
> Fixed in binutils 2.35 (upcoming):

Binutils 2.35 is now available:
https://sourceware.org/pipermail/binutils/2020-July/112530.html

> > (https://nvd.nist.gov/vuln/detail/CVE-2019-9076):
> > An issue was discovered in the Binary File Descriptor (BFD) library (aka
> > libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive
> > memory allocation in elf_read_notes in elf.c.
> >
> > Note: upstream ruling as normal behavior and WONTFIX
> > https://sourceware.org/bugzilla/show_bug.cgi?id=24238
>
> No action.

Still no action. Recommend ignoring this CVE.

> > (https://nvd.nist.gov/vuln/detail/CVE-2019-9072):
> > An issue was discovered in the Binary File Descriptor (BFD) library (aka
> > libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive
> > memory allocation in setup_group in elf.c.
> >
> > Upstream Reference: (WONTFIX)
> > https://sourceware.org/bugzilla/show_bug.cgi?id=24232
>
> Upstream not-a-bug

Still no action. Recommend ignoring this CVE.

(In reply to Sam James from comment #2)
> (In reply to Andreas K. Hüttel from comment #1)
> > > (https://nvd.nist.gov/vuln/detail/CVE-2019-9071):
> > > An issue was discovered in GNU libiberty, as distributed in GNU Binutils
> > > 2.32. It is a stack consumption issue in d_count_templates_scopes in
> > > cp-demangle.c after many recursive calls.
> > >
> > > Upstream Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=24227
> >
> > Problem is in libiberty
>
> Fixed in binutils 2.35 (upcoming):
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89394#c10

Yep, fixed in binutils-2.35
Too big for backporting.

> > > (https://nvd.nist.gov/vuln/detail/CVE-2019-9070):
> > > An issue was discovered in GNU libiberty, as distributed in GNU Binutils
> > > 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c
> > > after many recursive calls.
> > >
> > > Upstream Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=24229
> >
> > Problem is in libiberty
>
> Seems to be same as above, fixed in 2.35.

Yep, fixed in binutils-2.35
Too big for backporting.

CVE-2020-16590 (https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c98a4545dc7bf2bcaf1de539c4eb84784680eaa4):
A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbfd) in GNU Binutils 2.34 in the process_symbol_table, as demonstrated in readelf, via a crafted file.

CVE-2020-16591 (https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=001890e1f9269697f7e0212430a51479271bdab2):
A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.34 due to an invalid read in process_symbol_table, as demonstrated in readelf.

CVE-2020-16592 (https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7ecb51549ab1ec22aba5aaf34b70323cf0b8509a):
A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.

CVE-2020-16593 (https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aec72fda3b320c36eb99fc1c4cf95b10fc026729):
A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.34, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file.

CVE-2020-16598 (https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ca3f923f82a079dcf441419f4a50a50f8b4b33c2):
A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.34, in debug_get_real_type, as demonstrated in objdump, that can cause a denial of service via a crafted file.

CVE-2020-16599 (https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d55d10ac0d112c586eaceb92e75bd9b80aadcc4):
A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.34, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file.

All patches also in the 2.35 release according to Git.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b7c7bf9cf98bc2f32234865faf2c352c16362334

commit b7c7bf9cf98bc2f32234865faf2c352c16362334
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2021-05-16 10:00:08 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2021-05-16 10:01:04 +0000

    package.mask: Extend binutils mask to <2.35.2

    Bug: https://bugs.gentoo.org/761957
    Bug: https://bugs.gentoo.org/678806
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

 profiles/package.mask | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

All affected versions masked. No cleanup (toolchain). GLSA request filed.

This issue was resolved and addressed in GLSA 202107-24 at https://security.gentoo.org/glsa/202107-24 by GLSA coordinator John Helmert III (ajak).