CVE-2017-8397 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8397): The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 and an invalid write of size 1 during processing of a corrupt binary containing reloc(s) with negative addresses. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.

CVE-2017-8396 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8396): The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.

CVE-2017-8395 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8395): The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memory had actually been allocated in the _bfd_generic_get_section_contents function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash.

CVE-2017-8394 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8394): The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash.

CVE-2017-8393 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8393): The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHT_RELA sections are always named starting with a .rel/.rela prefix. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy and strip, to crash.

CVE-2017-8392 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8392): The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.
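The CVE-2017-8396 description above says the reloc offset range tests missed small negative offsets. The C sketch below is an added illustration, not code from binutils or from this bug report: it shows how an unsigned "offset + field size" test wraps for exactly those offsets, and how a subtraction-based test rejects them. The type and function names are hypothetical and the sample values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names for illustration; this is not libbfd's API. */
typedef uint64_t vma_t; /* unsigned address: a "negative" offset is a huge value */

/* Weak test: addr + field_size can wrap past zero, so an offset of
   -1 .. -field_size looks like a small in-range value. */
static int weak_in_range(vma_t addr, vma_t field_size, vma_t section_size)
{
    return addr + field_size <= section_size;
}

/* Strict test: never adds to the untrusted offset. It first rejects
   fields larger than the section, then compares against the last
   valid start position. */
static int strict_in_range(vma_t addr, vma_t field_size, vma_t section_size)
{
    if (field_size > section_size)
        return 0;
    return addr <= section_size - field_size;
}

int main(void)
{
    /* Constructed sample: 16-byte section, 4-byte reloc field. */
    const vma_t section_size = 16, field_size = 4;
    const int64_t offsets[] = { 0, 12, 13, -1, -4, -5 };

    for (size_t i = 0; i < sizeof offsets / sizeof offsets[0]; i++) {
        vma_t addr = (vma_t)offsets[i];
        printf("offset %3lld: weak=%d strict=%d\n",
               (long long)offsets[i],
               weak_in_range(addr, field_size, section_size),
               strict_in_range(addr, field_size, section_size));
    }
    return 0;
}
```

Offsets -1 through -4 pass the weak test because the sum wraps to 0..3, while -5 is caught only because it wraps to a huge value; the strict test rejects all of them.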
CVE-2017-8392:
==============
Upstream bug: https://sourceware.org/bugzilla/show_bug.cgi?id=21409
Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=97e83a100aa8250be783304bfe0429761c6e6b6b

CVE-2017-8393:
==============
Upstream bug: https://sourceware.org/bugzilla/show_bug.cgi?id=21412
Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bce964aa6c777d236fbd641f2bc7bb931cfe4bf3

CVE-2017-8394:
==============
Upstream bug: https://sourceware.org/bugzilla/show_bug.cgi?id=21414
Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7eacd66b086cabb1daab20890d5481894d4f56b2

CVE-2017-8395:
==============
Upstream bug:
Fixed by:

CVE-2017-8396:
==============
Upstream bug: https://sourceware.org/bugzilla/show_bug.cgi?id=21431
Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e63d123268f23a4cbc45ee55fb6dbc7d84729da3

CVE-2017-8397:
==============
Upstream bug: https://sourceware.org/bugzilla/show_bug.cgi?id=21434
Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=04b31182bf3f8a1a76e995bdfaaaab4c009b9cb2
Correction, I mixed CVE-2017-8395 with CVE-2017-8396:

CVE-2017-8395:
==============
Upstream bug: https://sourceware.org/bugzilla/show_bug.cgi?id=21431
Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e63d123268f23a4cbc45ee55fb6dbc7d84729da3

CVE-2017-8396:
==============
Upstream bug: https://sourceware.org/bugzilla/show_bug.cgi?id=21432
Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a941291cab71b9ac356e1c03968c177c03e602ab
2.27: could not backport patches
2.28: Fixed in 2.28-r1

* The patch for CVE-2017-8392 cannot be backported to 2.28, the function and code snippet in question do not exist.

Security, please advise.

Author: Matthias Maier <tamiko@gentoo.org>
Date: Tue Jun 6 17:04:54 2017 -0500

sys-devel/binutils: 2.28 - multiple security fixes, bug #618514, bug #618516, bug #618520, bug #618826

CVE-2017-9041
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=patch;h=75ec1fdbb797a389e4fe4aaf2e15358a070dcc19
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=patch;h=c4ab9505b53cdc899506ed421fddb7e1f8faf7a3

CVE-2017-9040, CVE-2017-9042
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf

CVE-2017-9039
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=82156ab704b08b124d319c0decdbd48b3ca2dac5

CVE-2017-9038
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f32ba72991d2406b21ab17edc234a2f3fa7fb23d

CVE-2017-8421
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=39ff1b79f687b65f4144ddb379f22587003443fb

CVE-2017-8396, CVE-2017-8397
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=04b31182bf3f8a1a76e995bdfaaaab4c009b9cb2
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a941291cab71b9ac356e1c03968c177c03e602ab

CVE-2017-8395
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e63d123268f23a4cbc45ee55fb6dbc7d84729da3

CVE-2017-8394
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7eacd66b086cabb1daab20890d5481894d4f56b2

CVE-2017-8393
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bce964aa6c777d236fbd641f2bc7bb931cfe4bf3

CVE-2017-8398
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d949ff5607b9f595e0eed2ff15fbe5eb84eb3a34

CVE-2017-7614
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ad32986fdf9da1c8748e47b8b45100398223dba8

[1] https://bugs.gentoo.org/show_bug.cgi?id=618514
[2] https://bugs.gentoo.org/show_bug.cgi?id=618516
[3] https://bugs.gentoo.org/show_bug.cgi?id=618820
[4] https://bugs.gentoo.org/show_bug.cgi?id=618826
[5] https://bugs.gentoo.org/show_bug.cgi?id=618006

Package-Manager: Portage-2.3.6, Repoman-2.3.2
All vulnerable versions are masked. No cleanup (toolchain package).
This issue was resolved and addressed in GLSA 201709-02 at https://security.gentoo.org/glsa/201709-02 by GLSA coordinator Aaron Bauman (b-man).