Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 676794 (CVE-2019-7150) - <dev-libs/elfutils-0.173-r1: dwfl_segment_report_module doesn't check whether the dyn data read from core
Summary: <dev-libs/elfutils-0.173-r1: dwfl_segment_report_module doesn't check whether...
Status: RESOLVED FIXED
Alias: CVE-2019-7150
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://sourceware.org/bugzilla/show_...
Whiteboard: A4 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2019-01-29 14:23 UTC by Demetris Nakos (sokan)
Modified: 2019-10-13 11:24 UTC (History)
2 users (show)

See Also:
Package list:
=dev-libs/elfutils-0.173-r1
Runtime testing required: No


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Demetris Nakos (sokan) 2019-01-29 14:23:19 UTC
An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.

Fixed with patch:
https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html

--Gentoo security padawan--
Comment 1 Larry the Git Cow gentoo-dev 2019-01-29 21:56:27 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d21856c6b7ba9348121de36979d22d94fb0bfc16

commit d21856c6b7ba9348121de36979d22d94fb0bfc16
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2019-01-29 21:55:33 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2019-01-29 21:56:18 +0000

    dev-libs/elfutils: fix parsing of partial core, bug #676794
    
    Reported-by: Demetris Nakos
    Bug: https://bugs.gentoo.org/676794
    Bug: https://sourceware.org/PR24103
    Package-Manager: Portage-2.3.59, Repoman-2.3.12
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

 dev-libs/elfutils/elfutils-0.173-r1.ebuild         | 69 ++++++++++++++++++++++
 ...utils-0.175.ebuild => elfutils-0.175-r1.ebuild} |  7 ++-
 .../files/elfutils-0.173-partial-core.patch        | 34 +++++++++++
 3 files changed, 108 insertions(+), 2 deletions(-)
Comment 2 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2019-04-04 22:41:51 UTC
@arches, please stabilize
Comment 3 Agostino Sarubbo gentoo-dev 2019-04-05 20:47:42 UTC
amd64 stable
Comment 4 Sergei Trofimovich gentoo-dev 2019-04-05 23:06:54 UTC
(In reply to Aaron Bauman from comment #2)
> @arches, please stabilize

Did you get an ACK from the maintainer to start stabilization? >=dev-libs/elfutils-0.175 requires binutils-2.32 to work correctly: bug #671760
Comment 5 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2019-04-06 04:03:11 UTC
(In reply to Sergei Trofimovich from comment #4)
> (In reply to Aaron Bauman from comment #2)
> > @arches, please stabilize
> 
> Did you get an ACK from the maintainer to start stabilization?
> >=dev-libs/elfutils-0.175 requires binutils-2.32 to work correctly: bug
> #671760

Are you intentionally referencing a bug closed over a month ago?
Comment 6 Matt Turner gentoo-dev 2019-04-06 07:08:39 UTC
(In reply to Aaron Bauman from comment #5)
> (In reply to Sergei Trofimovich from comment #4)
> > (In reply to Aaron Bauman from comment #2)
> > > @arches, please stabilize
> > 
> > Did you get an ACK from the maintainer to start stabilization?
> > >=dev-libs/elfutils-0.175 requires binutils-2.32 to work correctly: bug
> > #671760
> 
> Are you intentionally referencing a bug closed over a month ago?

Read the bug a little better. It was resolved by unmasking elfutils since the appropriate binutils version was now ~arch. That doesn't mean we can stabilize that version yet.

If stable elfutils is broken with stable binutils, that's a problem. As far as I can tell, that's the current situation.
Comment 7 Sergei Trofimovich gentoo-dev 2019-04-06 09:55:53 UTC
(In reply to Aaron Bauman from comment #5)
> (In reply to Sergei Trofimovich from comment #4)
> > (In reply to Aaron Bauman from comment #2)
> > > @arches, please stabilize
> > 
> > Did you get an ACK from the maintainer to start stabilization?
> > >=dev-libs/elfutils-0.175 requires binutils-2.32 to work correctly: bug
> > #671760
> 
> Are you intentionally referencing a bug closed over a month ago?

The bug is relevant.

Can I get an answer to my question please? I'll state it again:

Did you get an ACK from the maintainer to start stabilization?
Comment 8 Larry the Git Cow gentoo-dev 2019-04-06 15:25:09 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7ef6ada6d119ed6afccc9d6fb2006bc3e2814b40

commit 7ef6ada6d119ed6afccc9d6fb2006bc3e2814b40
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2019-04-06 15:23:54 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2019-04-06 15:24:59 +0000

    dev-libs/elfutils: Undo stabilization of 0.176
    
    Stabilization was initiated without acknowledgment by toolchain
    
    The result of the stabilization is a configuration in stable that is
    unable to build the kernel, see bug 671760.
    
    Bug: https://bugs.gentoo.org/676794
    Bug: https://bugs.gentoo.org/671760
    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

 dev-libs/elfutils/elfutils-0.176.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 9 Markus Meier gentoo-dev 2019-04-08 18:26:53 UTC
arm stable, all arches done.
Comment 10 Larry the Git Cow gentoo-dev 2019-04-09 06:59:44 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b740d8df7d2c6bf9b80ed91eb930434428761176

commit b740d8df7d2c6bf9b80ed91eb930434428761176
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2019-04-09 06:58:03 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2019-04-09 06:59:30 +0000

    dev-libs/elfutils: revert "arm stable, bug #676794"
    
    This reverts commit 24fbdabc1ca529b754949c782c791f40896f475e.
    
    Bug: https://bugs.gentoo.org/676794
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

 dev-libs/elfutils/elfutils-0.176.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 11 Andreas K. Hüttel gentoo-dev 2019-04-09 22:22:48 UTC
Arches please stabilize:

dev-libs/elfutils-0.173-r1

(NOTE: 173-r1, NOT 176-r1 !)

Special test instructions: Build a kernel. 
(cf. bug 671760 for background)
Comment 12 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2019-04-10 04:24:36 UTC
amd64 stable
Comment 13 Thomas Deutschmann gentoo-dev Security 2019-04-10 17:05:34 UTC
x86 stable
Comment 14 Rolf Eike Beer 2019-04-11 19:41:38 UTC
sparc stable
Comment 15 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2019-04-17 01:37:30 UTC
arm64 stable
Comment 16 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2019-04-20 18:40:48 UTC
arm stable
Comment 17 Sergei Trofimovich gentoo-dev 2019-04-27 16:36:53 UTC
ppc64 stable
Comment 18 Sergei Trofimovich gentoo-dev 2019-04-27 16:52:56 UTC
ppc stable
Comment 19 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2019-04-28 20:24:09 UTC
s390 stable
Comment 20 Sergei Trofimovich gentoo-dev 2019-04-29 08:55:28 UTC
ia64 stable
Comment 21 Matt Turner gentoo-dev 2019-05-02 04:30:19 UTC
hppa stable by jer
Comment 22 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2019-05-02 21:06:17 UTC
alpha stable