Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 637642 (CVE-2017-16826, CVE-2017-16827, CVE-2017-16828, CVE-2017-16829, CVE-2017-16830, CVE-2017-16831, CVE-2017-16832) - <sys-devel/binutils-2.30 : Multiple Vulnerabilities
Summary: <sys-devel/binutils-2.30 : Multiple Vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2017-16826, CVE-2017-16827, CVE-2017-16828, CVE-2017-16829, CVE-2017-16830, CVE-2017-16831, CVE-2017-16832
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A3 [glsa+ cve]
Keywords:
Depends on: CVE-2018-7208, CVE-2018-7568, CVE-2018-7569, CVE-2018-7570, CVE-2018-7643, CVE-2018-8945 binutils-2.30-stable
Blocks:
  Show dependency tree
 
Reported: 2017-11-16 03:19 UTC by Francis Booth
Modified: 2018-11-27 02:01 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Francis Booth 2017-11-16 03:19:18 UTC
## CVE-2017-16826

The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file.

## CVE-2017-16827

The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file.

## CVE-2017-16828

The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame.

## CVE-2017-16829

The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted ELF file.

## CVE-2017-16830

The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file.

## CVE-2017-16831

coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file.

## CVE-2017-16832

The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file.


~ eleix (Security Padawan)

Reproducible: Didn't try
Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-11-16 03:34:52 UTC
@Maintainers please let us know when tree is clean from vulnerable versions.

Thank you
Comment 2 Andreas K. Hüttel gentoo-dev 2017-12-15 23:01:33 UTC
(In reply to Francis Booth from comment #0)
> ## CVE-2017-16826
> 
> The coff_slurp_line_table function in coffcode.h in the Binary File
> Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils
> 2.29.1, allows remote attackers to cause a denial of service (invalid memory
> access and application crash) or possibly have unspecified other impact via
> a crafted PE file.

Fixed in upstream master
Added to gentoo/binutils-2.29.1 branch (patchlevel 4)

> 
> ## CVE-2017-16827
> 
> The aout_get_external_symbols function in aoutx.h in the Binary File
> Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils
> 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab
> invalid free and application crash) or possibly have unspecified other
> impact via a crafted ELF file.

Fixed in upstream master
Added to gentoo/binutils-2.29.1 branch (patchlevel 4)

> 
> ## CVE-2017-16828
> 
> The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows
> remote attackers to cause a denial of service (integer overflow and
> heap-based buffer over-read, and application crash) or possibly have
> unspecified other impact via a crafted ELF file, related to
> print_debug_frame.

Fixed in upstream master
Patch does not apply trivially to gentoo/binutils-2.29.1 branch

> 
> ## CVE-2017-16829
> 
> The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary
> File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils
> 2.29.1, does not prevent negative pointers, which allows remote attackers to
> cause a denial of service (out-of-bounds read and application crash) or
> possibly have unspecified other impact via a crafted ELF file.

Fixed in upstream master
Added to gentoo/binutils-2.29.1 branch (patchlevel 4)

> 
> ## CVE-2017-16830
> 
> The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1
> does not have integer-overflow protection on 32-bit platforms, which allows
> remote attackers to cause a denial of service (segmentation violation and
> application crash) or possibly have unspecified other impact via a crafted
> ELF file.

Fixed in upstream master
Added to gentoo/binutils-2.29.1 branch (patchlevel 4)

> 
> ## CVE-2017-16831
> 
> coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as
> distributed in GNU Binutils 2.29.1, does not validate the symbol count,
> which allows remote attackers to cause a denial of service (integer overflow
> and application crash, or excessive memory allocation) or possibly have
> unspecified other impact via a crafted PE file.

Fixed in upstream master
Patch does not apply trivially to gentoo/binutils-2.29.1 branch

> 
> ## CVE-2017-16832
> 
> The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor
> (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not
> validate size and offset values in the data dictionary, which allows remote
> attackers to cause a denial of service (segmentation violation and
> application crash) or possibly have unspecified other impact via a crafted
> PE file.

Fixed in upstream master
Added to gentoo/binutils-2.29.1 branch (patchlevel 4)
Comment 3 Andreas K. Hüttel gentoo-dev 2018-04-29 16:37:17 UTC
(In reply to Andreas K. Hüttel from comment #2)
> (In reply to Francis Booth from comment #0)
> > ## CVE-2017-16826
> > 
> > The coff_slurp_line_table function in coffcode.h in the Binary File
> > Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils
> > 2.29.1, allows remote attackers to cause a denial of service (invalid memory
> > access and application crash) or possibly have unspecified other impact via
> > a crafted PE file.
> 
> Fixed in upstream master
> Added to gentoo/binutils-2.29.1 branch (patchlevel 4)

Fixed in 2.30

> 
> > 
> > ## CVE-2017-16827
> > 
> > The aout_get_external_symbols function in aoutx.h in the Binary File
> > Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils
> > 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab
> > invalid free and application crash) or possibly have unspecified other
> > impact via a crafted ELF file.
> 
> Fixed in upstream master
> Added to gentoo/binutils-2.29.1 branch (patchlevel 4)

Fixed in 2.30

> 
> > 
> > ## CVE-2017-16828
> > 
> > The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows
> > remote attackers to cause a denial of service (integer overflow and
> > heap-based buffer over-read, and application crash) or possibly have
> > unspecified other impact via a crafted ELF file, related to
> > print_debug_frame.
> 
> Fixed in upstream master
> Patch does not apply trivially to gentoo/binutils-2.29.1 branch

Fixed in 2.30

> 
> > 
> > ## CVE-2017-16829
> > 
> > The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary
> > File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils
> > 2.29.1, does not prevent negative pointers, which allows remote attackers to
> > cause a denial of service (out-of-bounds read and application crash) or
> > possibly have unspecified other impact via a crafted ELF file.
> 
> Fixed in upstream master
> Added to gentoo/binutils-2.29.1 branch (patchlevel 4)

Fixed in 2.30

> 
> > 
> > ## CVE-2017-16830
> > 
> > The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1
> > does not have integer-overflow protection on 32-bit platforms, which allows
> > remote attackers to cause a denial of service (segmentation violation and
> > application crash) or possibly have unspecified other impact via a crafted
> > ELF file.
> 
> Fixed in upstream master
> Added to gentoo/binutils-2.29.1 branch (patchlevel 4)

Fixed in 2.30

> 
> > 
> > ## CVE-2017-16831
> > 
> > coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as
> > distributed in GNU Binutils 2.29.1, does not validate the symbol count,
> > which allows remote attackers to cause a denial of service (integer overflow
> > and application crash, or excessive memory allocation) or possibly have
> > unspecified other impact via a crafted PE file.
> 
> Fixed in upstream master
> Patch does not apply trivially to gentoo/binutils-2.29.1 branch

Fixed in 2.30

> 
> > 
> > ## CVE-2017-16832
> > 
> > The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor
> > (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not
> > validate size and offset values in the data dictionary, which allows remote
> > attackers to cause a denial of service (segmentation violation and
> > application crash) or possibly have unspecified other impact via a crafted
> > PE file.
> 
> Fixed in upstream master
> Added to gentoo/binutils-2.29.1 branch (patchlevel 4)

Fixed in 2.30
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2018-11-27 02:01:45 UTC
This issue was resolved and addressed in
 GLSA 201811-17 at https://security.gentoo.org/glsa/201811-17
by GLSA coordinator Aaron Bauman (b-man).