Summary: | <sys-devel/binutils-2.36.1-r1 : multiple vulnerabilities (CVE-2021-{3487,20197,20284,20294}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | hydrapolic |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A3 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 809059 | ||
Bug Blocks: |
Description
John Helmert III
2021-03-27 04:19:00 UTC
CVE-2021-3487: There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption. Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=26946 Patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=647cebce12a6b0a26960220caff96ff38978cf24 CVE-2021-20294: A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability. > CVE-2021-20197 (https://sourceware.org/bugzilla/show_bug.cgi?id=26945): > > There is an open race window when writing output in the following utilities > in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When > these utilities are run as a privileged user (presumably as part of a script > updating binaries across different users), an unprivileged user can trick > these utilities into getting ownership of arbitrary files through a symlink. Fixed in Gentoo binutils-2.36.1-r1 > CVE-2021-20284 (https://sourceware.org/bugzilla/show_bug.cgi?id=26931): > > A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer > overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the > number of symbols not calculated correctly. The highest threat from this > vulnerability is to system availability. Fixed in Gentoo binutils-2.36.1-r1 > CVE-2021-3487: > > There's a flaw in the BFD library of binutils in versions before 2.36. An > attacker who supplies a crafted file to an application linked with BFD, and > using the DWARF functionality, could cause an impact to system availability > by way of excessive memory consumption. > > Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=26946 > Patch: > https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git; > h=647cebce12a6b0a26960220caff96ff38978cf24 Fixed in Gentoo binutils-2.36.1-r1 > CVE-2021-20294: > > A flaw was found in binutils readelf 2.35 program. An attacker who is able > to convince a victim using readelf to read a crafted file could trigger a > stack buffer overflow, out-of-bounds write of arbitrary data supplied by the > attacker. The highest impact of this flaw is to confidentiality, integrity, > and availability. https://sourceware.org/bugzilla/show_bug.cgi?id=26929 Fixed in Gentoo binutils-2.36.1-r1 Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d6d6f7b7b7209257f1a9f4760ca4e132e1571600 commit d6d6f7b7b7209257f1a9f4760ca4e132e1571600 Author: Andreas K. Hüttel <dilfridge@gentoo.org> AuthorDate: 2021-09-25 19:07:19 +0000 Commit: Andreas K. Hüttel <dilfridge@gentoo.org> CommitDate: 2021-09-25 19:21:19 +0000 package.mask: Update binutils mask to <2.36.1-r2 Bug: https://bugs.gentoo.org/778545 Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org> profiles/package.mask | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Thanks dilfridge \o/ Toolchain out. GLSA request filed The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=1d8cf0a3e06fbdd4dd76f179edfa141b674a0968 commit 1d8cf0a3e06fbdd4dd76f179edfa141b674a0968 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-08-14 21:47:19 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-08-14 21:48:21 +0000 [ GLSA 202208-30 ] GNU Binutils: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/778545 Bug: https://bugs.gentoo.org/792342 Bug: https://bugs.gentoo.org/829304 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Sam James <sam@gentoo.org> glsa-202208-30.xml | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) GLSA done, all done. CVE-2020-19726 (https://sourceware.org/bugzilla/show_bug.cgi?id=26240): An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of service. |