Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 678806 (CVE-2019-9070, CVE-2019-9071, CVE-2019-9072, CVE-2019-9073, CVE-2019-9074, CVE-2019-9075, CVE-2019-9076, CVE-2019-9077, CVE-2020-16590, CVE-2020-16591, CVE-2020-16593, CVE-2020-16598, CVE-2020-19599) - <sys-devel/binutils-2.35: multiple vulnerabilities
Summary: <sys-devel/binutils-2.35: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2019-9070, CVE-2019-9071, CVE-2019-9072, CVE-2019-9073, CVE-2019-9074, CVE-2019-9075, CVE-2019-9076, CVE-2019-9077, CVE-2020-16590, CVE-2020-16591, CVE-2020-16593, CVE-2020-16598, CVE-2020-19599
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A2 [glsa+ cve]
Keywords:
Depends on: CVE-2020-35448 766734 779805
Blocks:
  Show dependency tree
 
Reported: 2019-02-26 06:39 UTC by D'juan McDonald (domhnall)
Modified: 2021-07-10 02:52 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description D'juan McDonald (domhnall) 2019-02-26 06:39:45 UTC
(https://nvd.nist.gov/vuln/detail/CVE-2019-9077):
An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.

Upstream Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=24243

(https://nvd.nist.gov/vuln/detail/CVE-2019-9076):
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in elf_read_notes in elf.c.

Note: upstream ruling as normal behavior and WONTFIX
https://sourceware.org/bugzilla/show_bug.cgi?id=24238


(https://nvd.nist.gov/vuln/detail/CVE-2019-9075):
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.

Upstream Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=24236

(https://nvd.nist.gov/vuln/detail/CVE-2019-9074):
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c.

Upstream Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=24235

(https://nvd.nist.gov/vuln/detail/CVE-2019-9073):
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in _bfd_elf_slurp_version_tables in elf.c.

Upstream Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=24233

(https://nvd.nist.gov/vuln/detail/CVE-2019-9072):
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in setup_group in elf.c.

Upstream Reference: (WONTFIX) https://sourceware.org/bugzilla/show_bug.cgi?id=24232


(https://nvd.nist.gov/vuln/detail/CVE-2019-9071):
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls.

Upstream Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=24227

(https://nvd.nist.gov/vuln/detail/CVE-2019-9070):
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls.

Upstream Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=24229

Gentoo Security Padawan
(domhnall)
Comment 1 Andreas K. Hüttel archtester gentoo-dev 2019-06-03 05:54:18 UTC
> (https://nvd.nist.gov/vuln/detail/CVE-2019-9077):
> An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer
> overflow in process_mips_specific in readelf.c via a malformed MIPS option
> section.
> 
> Upstream Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=24243

Fixed in Gentoo 2.32 branch, will be in patchset 3


> (https://nvd.nist.gov/vuln/detail/CVE-2019-9076):
> An issue was discovered in the Binary File Descriptor (BFD) library (aka
> libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive
> memory allocation in elf_read_notes in elf.c.
> 
> Note: upstream ruling as normal behavior and WONTFIX
> https://sourceware.org/bugzilla/show_bug.cgi?id=24238

No action.


> (https://nvd.nist.gov/vuln/detail/CVE-2019-9075):
> An issue was discovered in the Binary File Descriptor (BFD) library (aka
> libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer
> overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.
> 
> Upstream Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=24236

Fixed in Gentoo 2.32 branch, will be in patchset 3


> (https://nvd.nist.gov/vuln/detail/CVE-2019-9074):
> An issue was discovered in the Binary File Descriptor (BFD) library (aka
> libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read
> leading to a SEGV in bfd_getl32 in libbfd.c, when called from
> pex64_get_runtime_function in pei-x86_64.c.
> 
> Upstream Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=24235

Fixed in Gentoo 2.32 branch, will be in patchset 3


> (https://nvd.nist.gov/vuln/detail/CVE-2019-9073):
> An issue was discovered in the Binary File Descriptor (BFD) library (aka
> libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive
> memory allocation in _bfd_elf_slurp_version_tables in elf.c.
> 
> Upstream Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=24233

Fixed in Gentoo 2.32 branch, will be in patchset 3


> (https://nvd.nist.gov/vuln/detail/CVE-2019-9072):
> An issue was discovered in the Binary File Descriptor (BFD) library (aka
> libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive
> memory allocation in setup_group in elf.c.
> 
> Upstream Reference: (WONTFIX)
> https://sourceware.org/bugzilla/show_bug.cgi?id=24232

Upstream not-a-bug


> (https://nvd.nist.gov/vuln/detail/CVE-2019-9071):
> An issue was discovered in GNU libiberty, as distributed in GNU Binutils
> 2.32. It is a stack consumption issue in d_count_templates_scopes in
> cp-demangle.c after many recursive calls.
> 
> Upstream Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=24227

Problem is in libiberty


> (https://nvd.nist.gov/vuln/detail/CVE-2019-9070):
> An issue was discovered in GNU libiberty, as distributed in GNU Binutils
> 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c
> after many recursive calls.
> 
> Upstream Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=24229

Problem is in libiberty
Comment 2 Sam James archtester gentoo-dev Security 2020-06-20 01:27:32 UTC
(In reply to Andreas K. Hüttel from comment #1)
> > (https://nvd.nist.gov/vuln/detail/CVE-2019-9071):
> > An issue was discovered in GNU libiberty, as distributed in GNU Binutils
> > 2.32. It is a stack consumption issue in d_count_templates_scopes in
> > cp-demangle.c after many recursive calls.
> > 
> > Upstream Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=24227
> 
> Problem is in libiberty
> 

Fixed in binutils 2.35 (upcoming): https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89394#c10

> 
> > (https://nvd.nist.gov/vuln/detail/CVE-2019-9070):
> > An issue was discovered in GNU libiberty, as distributed in GNU Binutils
> > 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c
> > after many recursive calls.
> > 
> > Upstream Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=24229
> 
> Problem is in libiberty

Seems to be same as above, fixed in 2.35.
Comment 3 Alexander Sergeyev 2020-07-29 06:10:19 UTC
(In reply to Sam James from comment #2)
> Fixed in binutils 2.35 (upcoming):

Binutils 2.35 is now available: https://sourceware.org/pipermail/binutils/2020-July/112530.html
Comment 4 Andreas K. Hüttel archtester gentoo-dev 2020-07-31 14:27:41 UTC
> > (https://nvd.nist.gov/vuln/detail/CVE-2019-9076):
> > An issue was discovered in the Binary File Descriptor (BFD) library (aka
> > libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive
> > memory allocation in elf_read_notes in elf.c.
> > 
> > Note: upstream ruling as normal behavior and WONTFIX
> > https://sourceware.org/bugzilla/show_bug.cgi?id=24238
> 
> No action.

Still no action.
Recommend ignoring this CVE.

> > (https://nvd.nist.gov/vuln/detail/CVE-2019-9072):
> > An issue was discovered in the Binary File Descriptor (BFD) library (aka
> > libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive
> > memory allocation in setup_group in elf.c.
> > 
> > Upstream Reference: (WONTFIX)
> > https://sourceware.org/bugzilla/show_bug.cgi?id=24232
> 
> Upstream not-a-bug

Still no action. 
Recommend ignoring this CVE.


(In reply to Sam James from comment #2)
> (In reply to Andreas K. Hüttel from comment #1)
> > > (https://nvd.nist.gov/vuln/detail/CVE-2019-9071):
> > > An issue was discovered in GNU libiberty, as distributed in GNU Binutils
> > > 2.32. It is a stack consumption issue in d_count_templates_scopes in
> > > cp-demangle.c after many recursive calls.
> > > 
> > > Upstream Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=24227
> > 
> > Problem is in libiberty
> 
> Fixed in binutils 2.35 (upcoming):
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89394#c10

Yep, fixed in binutils-2.35
Too big for backporting.

> > > (https://nvd.nist.gov/vuln/detail/CVE-2019-9070):
> > > An issue was discovered in GNU libiberty, as distributed in GNU Binutils
> > > 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c
> > > after many recursive calls.
> > > 
> > > Upstream Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=24229
> > 
> > Problem is in libiberty
> 
> Seems to be same as above, fixed in 2.35.

Yep, fixed in binutils-2.35
Too big for backporting.
Comment 5 John Helmert III gentoo-dev Security 2020-12-27 19:44:24 UTC
CVE-2020-16590 (https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c98a4545dc7bf2bcaf1de539c4eb84784680eaa4):

A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.34 in the process_symbol_table, as demonstrated in readelf, via a crafted file.

CVE-2020-16591 (https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=001890e1f9269697f7e0212430a51479271bdab2):

A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.34 due to an invalid read in process_symbol_table, as demonstrated in readeif.

CVE-2020-16592 (https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7ecb51549ab1ec22aba5aaf34b70323cf0b8509a):

A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.

CVE-2020-16593 (https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aec72fda3b320c36eb99fc1c4cf95b10fc026729):

A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.34, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file.

CVE-2020-16598 (https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ca3f923f82a079dcf441419f4a50a50f8b4b33c2):

A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.34, in debug_get_real_type, as demonstrated in objdump, that can cause a denial of service via a crafted file.

CVE-2020-16599 (https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d55d10ac0d112c586eaceb92e75bd9b80aadcc4):

A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.34, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file.


All patches also in the 2.35 release according to Git.
Comment 6 Larry the Git Cow gentoo-dev 2021-05-16 10:01:16 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b7c7bf9cf98bc2f32234865faf2c352c16362334

commit b7c7bf9cf98bc2f32234865faf2c352c16362334
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2021-05-16 10:00:08 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2021-05-16 10:01:04 +0000

    package.mask: Extend binutils mask to <2.35.2
    
    Bug: https://bugs.gentoo.org/761957
    Bug: https://bugs.gentoo.org/678806
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

 profiles/package.mask | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
Comment 7 Andreas K. Hüttel archtester gentoo-dev 2021-05-16 10:02:24 UTC
All affected versions masked. No cleanup (toolchain).
Comment 8 John Helmert III gentoo-dev Security 2021-07-06 00:48:16 UTC
GLSA request filed.
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2021-07-10 02:52:18 UTC
This issue was resolved and addressed in
 GLSA 202107-24 at https://security.gentoo.org/glsa/202107-24
by GLSA coordinator John Helmert III (ajak).