Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 632668 (CVE-2017-14974) - <sys-devel/binutils-2.29.1-r1 : denial of service through NULL pointer dereference
Summary: <sys-devel/binutils-2.29.1-r1 : denial of service through NULL pointer derefe...
Status: RESOLVED FIXED
Alias: CVE-2017-14974
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://sourceware.org/bugzilla/show_...
Whiteboard: A3 [glsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-10-02 02:15 UTC by Aleksandr Wagner (Kivak)
Modified: 2018-01-07 23:12 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Aleksandr Wagner (Kivak) 2017-10-02 02:15:24 UTC
CVE-2017-14974 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14974):

The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c. 

References:

https://sourceware.org/bugzilla/show_bug.cgi?id=22163
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e70c19e3a4c26e9c1ebf0c9170d105039b56d7cf
Comment 1 D'juan McDonald (domhnall) 2017-10-02 02:46:02 UTC
@maintainer(s), patches 3/4 from upstream...other patch is changelog update so not reporting here. Though it can be found in $URL if needed.

(In reply to Aleksandr Wagner (Kivak) from comment #0)
>https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git
>h=e70c19e3a4c26e9c1ebf0c9170d105039b56d7cf

commit e70c19e3a4c26e9c1ebf0c9170d105039b56d7cf
*x86: Return -1 if bfd_canonicalize_dynamic_reloc returns 0

*Stop if bfd_canonicalize_dynamic_reloc returns 0.

cherry picked from commit b69e9267d15a09ce3f3d4599eae2952dfc6df502
* elf32-i386.c (elf_i386_get_synthetic_symtab): Also return -1
    	if bfd_canonicalize_dynamic_reloc returns 0.

* elf64-x86-64.c (elf_x86_64_get_synthetic_symtab)

Gentoo Security Padawan
Daj Uan (jmbailey/mbailey_j)
Comment 2 D'juan McDonald (domhnall) 2017-10-02 02:50:14 UTC
@Kivak, ah my apologies sir, just realized the patch you provided is same as other one.

@maintainer(s), there are 3 total patches not 4, fourth is Changlog.
Comment 3 Andreas K. Hüttel gentoo-dev 2017-10-11 20:59:25 UTC
Patch added to gentoo/binutils-2.29.1 branch
Comment 4 Andreas K. Hüttel gentoo-dev 2017-10-13 18:44:54 UTC
Fixed in 2.29.1-r1
Comment 5 Andreas K. Hüttel gentoo-dev 2017-12-27 22:55:07 UTC
All affected versions are masked. No further cleanup (toolchain package). 

Nothing to do for toolchain here anymore. Please proceed.
Comment 6 D'juan McDonald (domhnall) 2018-01-05 06:47:57 UTC
Added to existing GLSA request.


Gentoo Security Padawan
(Jmbailey/mbailey_j)
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2018-01-07 23:12:16 UTC
This issue was resolved and addressed in
 GLSA 201801-01 at https://security.gentoo.org/glsa/201801-01
by GLSA coordinator Aaron Bauman (b-man).