CVE-2017-15938 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15938):

dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash).

References:

https://blogs.gentoo.org/ago/2017/10/24/binutils-invalid-memory-read-in-find_abstract_instance_name-dwarf2-c/
https://sourceware.org/bugzilla/show_bug.cgi?id=22209
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1b86808a86077722ee4f42ff97f836b12420bb2a

CVE-2017-15023 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15023):

read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename.

References:

https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c/
https://sourceware.org/bugzilla/show_bug.cgi?id=22200
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c361faae8d964db951b7100cada4dcdc983df1bf

CVE-2017-15939 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15939):

dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. NOTE: this issue is caused by an incomplete fix for CVE-2017-15023.

References:

https://blogs.gentoo.org/ago/2017/10/24/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c-incomplete-fix-for-cve-2017-15023/
https://sourceware.org/bugzilla/show_bug.cgi?id=22205
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a54018b72d75abf2e74bf36016702da06399c1d9
(In reply to Aleksandr Wagner (Kivak) from comment #0)
> CVE-2017-15938
> (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15938):
>
> dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as
> distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in
> the case of a relocatable object file, which allows remote attackers to
> cause a denial of service (find_abstract_instance_name invalid memory read,
> segmentation fault, and application crash).
>
> References:
>
> https://blogs.gentoo.org/ago/2017/10/24/binutils-invalid-memory-read-in-find_abstract_instance_name-dwarf2-c/
> https://sourceware.org/bugzilla/show_bug.cgi?id=22209
> https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1b86808a86077722ee4f42ff97f836b12420bb2a

Will be in 2.30; in master branch. Backport not trivial.

> CVE-2017-15023
> (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15023):
>
> read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD)
> library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly
> validate the format count, which allows remote attackers to cause a denial
> of service (NULL pointer dereference and application crash) via a crafted
> ELF file, related to concat_filename.
>
> References:
>
> https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c/
> https://sourceware.org/bugzilla/show_bug.cgi?id=22200
> https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c361faae8d964db951b7100cada4dcdc983df1bf

Will be in 2.30; in master branch. Backported to gentoo/binutils-2.29 branch.

> CVE-2017-15939
> (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15939):
>
> dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as
> distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line
> file table, which allows remote attackers to cause a denial of service (NULL
> pointer dereference and application crash) via a crafted ELF file, related
> to concat_filename. NOTE: this issue is caused by an incomplete fix for
> CVE-2017-15023.
>
> References:
>
> https://blogs.gentoo.org/ago/2017/10/24/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c-incomplete-fix-for-cve-2017-15023/
> https://sourceware.org/bugzilla/show_bug.cgi?id=22205
> https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a54018b72d75abf2e74bf36016702da06399c1d9

Will be in 2.30; in master branch. Backported to gentoo/binutils-2.29 branch.
All affected versions are masked. No further cleanup (toolchain package). Nothing to do for toolchain here anymore. Please proceed.
Added to existing GLSA request.

Gentoo Security Padawan
(Jmbailey/mbailey_j)
This issue was resolved and addressed in GLSA 201801-01 at https://security.gentoo.org/glsa/201801-01 by GLSA coordinator Aaron Bauman (b-man).