Bug 639768 (CVE-2017-17121, CVE-2017-17122, CVE-2017-17123, CVE-2017-17124, CVE-2017-17125, CVE-2017-17126) - <sys-devel/binutils-2.30 : Multiple vulnerabilities
Summary: <sys-devel/binutils-2.30 : Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2017-17121, CVE-2017-17122, CVE-2017-17123, CVE-2017-17124, CVE-2017-17125, CVE-2017-17126
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: A3 [glsa+ cve]
Keywords:
Depends on: CVE-2018-7208, CVE-2018-7568, CVE-2018-7569, CVE-2018-7570, CVE-2018-7643, CVE-2018-8945 binutils-2.30-stable
Blocks:
Reported: 2017-12-04 14:05 UTC by GLSAMaker/CVETool Bot
Modified: 2018-11-27 02:02 UTC
See Also:
Package list:
Runtime testing required: ---
Description GLSAMaker/CVETool Bot gentoo-dev 2017-12-04 14:05:28 UTC
CVE-2017-17126 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17126):
  The load_debug_section function in readelf.c in GNU Binutils 2.29.1 allows
  remote attackers to cause a denial of service (invalid memory access and
  application crash) or possibly have unspecified other impact via an ELF file
  that lacks section headers.

CVE-2017-17125 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17125):
  nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global symbols,
  which allows remote attackers to cause a denial of service
  (_bfd_elf_get_symbol_version_string buffer over-read and application crash)
  or possibly have unspecified other impact via a crafted ELF file.

CVE-2017-17124 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17124):
  The _bfd_coff_read_string_table function in coffgen.c in the Binary File
  Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils
  2.29.1, does not properly validate the size of the external string table,
  which allows remote attackers to cause a denial of service (excessive memory
  consumption, or heap-based buffer overflow and application crash) or
  possibly have unspecified other impact via a crafted COFF binary.

CVE-2017-17123 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17123):
  The coff_slurp_reloc_table function in coffcode.h in the Binary File
  Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils
  2.29.1, allows remote attackers to cause a denial of service (NULL pointer
  dereference and application crash) via a crafted COFF based file.

CVE-2017-17122 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17122):
  The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does
  not check for reloc count integer overflows, which allows remote attackers
  to cause a denial of service (excessive memory allocation, or heap-based
  buffer overflow and application crash) or possibly have unspecified other
  impact via a crafted PE file.

CVE-2017-17121 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17121):
  The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU
  Binutils 2.29.1, allows remote attackers to cause a denial of service
  (memory access violation) or possibly have unspecified other impact via a
  COFF binary in which a relocation refers to a location after the end of the
  to-be-relocated section.
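
The three COFF/PE entries above (CVE-2017-17124, CVE-2017-17122, CVE-2017-17121) all come down to trusting a size, count or offset read from the input file. The following is an added illustration of the corresponding checks, not the upstream binutils patches and not code from this bug; all function names are hypothetical, and treating a declared string table size below 4 as invalid is an assumption of this example.

```c
#include <stddef.h>
#include <stdint.h>

/* A COFF string table starts with a 4-byte length that counts itself. */
#define STRTAB_LEN_FIELD 4u

/* Read a little-endian 32-bit value. */
static uint32_t rd32le(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* String table size (CVE-2017-17124 class): accept the declared size only if
   the file can actually hold that many bytes. Returns 0 on success, -1 otherwise. */
int check_strtab(const uint8_t *file, size_t file_len, size_t strtab_off,
                 uint32_t *size_out)
{
    if (strtab_off > file_len || file_len - strtab_off < STRTAB_LEN_FIELD)
        return -1;                  /* the length field itself is out of range */
    uint32_t declared = rd32le(file + strtab_off);
    if (declared < STRTAB_LEN_FIELD)
        return -1;                  /* must at least cover its own length field */
    if (declared > file_len - strtab_off)
        return -1;                  /* claims more bytes than the file contains */
    *size_out = declared;
    return 0;
}

/* Reloc count (CVE-2017-17122 class): compute count * entry_size without
   wrapping, and reject tables larger than the bytes available. */
int check_reloc_table(uint64_t count, size_t entry_size, size_t avail,
                      size_t *bytes_out)
{
    if (entry_size == 0 || count > SIZE_MAX / entry_size)
        return -1;                  /* the multiplication would overflow */
    size_t bytes = (size_t)count * entry_size;
    if (bytes > avail)
        return -1;
    *bytes_out = bytes;
    return 0;
}

/* Reloc target (CVE-2017-17121 class): the patched bytes must lie entirely
   inside the to-be-relocated section. Written to avoid offset + width wrapping. */
int reloc_in_bounds(uint64_t offset, size_t width, size_t section_size)
{
    return width <= section_size && offset <= section_size - width;
}
```
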
Comment 1 Andreas K. Hüttel archtester gentoo-dev 2017-12-16 23:01:28 UTC
(In reply to GLSAMaker/CVETool Bot from comment #0)
> CVE-2017-17126 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17126):
>   The load_debug_section function in readelf.c in GNU Binutils 2.29.1 allows
>   remote attackers to cause a denial of service (invalid memory access and
>   application crash) or possibly have unspecified other impact via an ELF file
>   that lacks section headers.

In upstream master
Patch does not trivially apply to 2.29.1 branch

> 
> CVE-2017-17125 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17125):
>   nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global symbols,
>   which allows remote attackers to cause a denial of service
>   (_bfd_elf_get_symbol_version_string buffer over-read and application crash)
>   or possibly have unspecified other impact via a crafted ELF file.

In upstream master
Patch added to gentoo/2.29.1 branch for patchlevel 4

> 
> CVE-2017-17124 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17124):
>   The _bfd_coff_read_string_table function in coffgen.c in the Binary File
>   Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils
>   2.29.1, does not properly validate the size of the external string table,
>   which allows remote attackers to cause a denial of service (excessive memory
>   consumption, or heap-based buffer overflow and application crash) or
>   possibly have unspecified other impact via a crafted COFF binary.

In upstream master
Patch added to gentoo/2.29.1 branch for patchlevel 4

> 
> CVE-2017-17123 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17123):
>   The coff_slurp_reloc_table function in coffcode.h in the Binary File
>   Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils
>   2.29.1, allows remote attackers to cause a denial of service (NULL pointer
>   dereference and application crash) via a crafted COFF based file.

In upstream master
Patch added to gentoo/2.29.1 branch for patchlevel 4

> 
> CVE-2017-17122 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17122):
>   The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does
>   not check for reloc count integer overflows, which allows remote attackers
>   to cause a denial of service (excessive memory allocation, or heap-based
>   buffer overflow and application crash) or possibly have unspecified other
>   impact via a crafted PE file.

In upstream master
Patch added to gentoo/2.29.1 branch for patchlevel 4

> 
> CVE-2017-17121 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17121):
>   The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU
>   Binutils 2.29.1, allows remote attackers to cause a denial of service
>   (memory access violation) or possibly have unspecified other impact via a
>   COFF binary in which a relocation refers to a location after the end of the
>   to-be-relocated section.

In upstream master
Patch added to gentoo/2.29.1 branch for patchlevel 4
Comment 2 Andreas K. Hüttel archtester gentoo-dev 2018-04-29 18:45:39 UTC
(In reply to Andreas K. Hüttel from comment #1)
> (In reply to GLSAMaker/CVETool Bot from comment #0)
> > CVE-2017-17126 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17126):
> >   The load_debug_section function in readelf.c in GNU Binutils 2.29.1 allows
> >   remote attackers to cause a denial of service (invalid memory access and
> >   application crash) or possibly have unspecified other impact via an ELF file
> >   that lacks section headers.
> 
> In upstream master
> Patch does not trivially apply to 2.29.1 branch

Fixed in 2.30

> > CVE-2017-17125 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17125):
> >   nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global symbols,
> >   which allows remote attackers to cause a denial of service
> >   (_bfd_elf_get_symbol_version_string buffer over-read and application crash)
> >   or possibly have unspecified other impact via a crafted ELF file.
> 
> In upstream master
> Patch added to gentoo/2.29.1 branch for patchlevel 4

Fixed in 2.30

> > CVE-2017-17124 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17124):
> >   The _bfd_coff_read_string_table function in coffgen.c in the Binary File
> >   Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils
> >   2.29.1, does not properly validate the size of the external string table,
> >   which allows remote attackers to cause a denial of service (excessive memory
> >   consumption, or heap-based buffer overflow and application crash) or
> >   possibly have unspecified other impact via a crafted COFF binary.
> 
> In upstream master
> Patch added to gentoo/2.29.1 branch for patchlevel 4

Fixed in 2.30

> > CVE-2017-17123 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17123):
> >   The coff_slurp_reloc_table function in coffcode.h in the Binary File
> >   Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils
> >   2.29.1, allows remote attackers to cause a denial of service (NULL pointer
> >   dereference and application crash) via a crafted COFF based file.
> 
> In upstream master
> Patch added to gentoo/2.29.1 branch for patchlevel 4

Fixed in 2.30

> > CVE-2017-17122 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17122):
> >   The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does
> >   not check for reloc count integer overflows, which allows remote attackers
> >   to cause a denial of service (excessive memory allocation, or heap-based
> >   buffer overflow and application crash) or possibly have unspecified other
> >   impact via a crafted PE file.
> 
> In upstream master
> Patch added to gentoo/2.29.1 branch for patchlevel 4

Fixed in 2.30

> > CVE-2017-17121 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17121):
> >   The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU
> >   Binutils 2.29.1, allows remote attackers to cause a denial of service
> >   (memory access violation) or possibly have unspecified other impact via a
> >   COFF binary in which a relocation refers to a location after the end of the
> >   to-be-relocated section.
> 
> In upstream master
> Patch added to gentoo/2.29.1 branch for patchlevel 4

Fixed in 2.30
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2018-11-27 02:02:00 UTC
This issue was resolved and addressed in
 GLSA 201811-17 at https://security.gentoo.org/glsa/201811-17
by GLSA coordinator Aaron Bauman (b-man).