618004 – (CVE-2017-7607, CVE-2017-7608, CVE-2017-7609, CVE-2017-7610, CVE-2017-7611, CVE-2017-7612, CVE-2017-7613) <dev-libs/elfutils-0.169-r1: multiple vulnerabilities

Bug 618004 (CVE-2017-7607, CVE-2017-7608, CVE-2017-7609, CVE-2017-7610, CVE-2017-7611, CVE-2017-7612, CVE-2017-7613) - <dev-libs/elfutils-0.169-r1: multiple vulnerabilities

Summary: <dev-libs/elfutils-0.169-r1: multiple vulnerabilities

Status:	RESOLVED FIXED

Alias:	CVE-2017-7607, CVE-2017-7608, CVE-2017-7609, CVE-2017-7610, CVE-2017-7611, CVE-2017-7612, CVE-2017-7613

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor
Assignee:	Gentoo Security

URL:
Whiteboard:	A3 [glsa cve]
Keywords:

Depends on:
Blocks:	CVE-2016-10255 CVE-2016-10254
	Show dependency tree

Reported:	2017-05-09 18:09 UTC by Agostino Sarubbo
Modified:	2018-07-28 13:13 UTC (History)
CC List:	2 users (show)

See Also:
Package list:	dev-libs/elfutils-0.169-r1
Runtime testing required:	---

Flags:	stable-bot: sanity-check+

Attachments
CVE-2017-7607.patch (CVE-2017-7607.patch,1.12 KB, patch) 2017-06-24 00:16 UTC, Andrey Ovcharov	no flags	Details \| Diff
CVE-2017-7608.patch (CVE-2017-7608.patch,3.76 KB, patch) 2017-06-24 00:17 UTC, Andrey Ovcharov	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Agostino Sarubbo gentoo-dev

2017-05-09 18:09:25 UTC

https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c
https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c
https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c
https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c
https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c
https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c
https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c

Comment 1 GLSAMaker/CVETool Bot gentoo-dev

2017-05-16 06:41:32 UTC

CVE-2017-7613 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7613):
  elflint.c in elfutils 0.168 does not validate the number of sections and the
  number of segments, which allows remote attackers to cause a denial of
  service (memory consumption) via a crafted ELF file.

CVE-2017-7612 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7612):
  The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote
  attackers to cause a denial of service (heap-based buffer over-read and
  application crash) via a crafted ELF file.

CVE-2017-7611 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7611):
  The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote
  attackers to cause a denial of service (heap-based buffer over-read and
  application crash) via a crafted ELF file.

CVE-2017-7610 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7610):
  The check_group function in elflint.c in elfutils 0.168 allows remote
  attackers to cause a denial of service (heap-based buffer over-read and
  application crash) via a crafted ELF file.

CVE-2017-7609 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7609):
  elf_compress.c in elfutils 0.168 does not validate the zlib compression
  factor, which allows remote attackers to cause a denial of service (memory
  consumption) via a crafted ELF file.

CVE-2017-7608 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7608):
  The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils
  0.168 allows remote attackers to cause a denial of service (heap-based
  buffer over-read and application crash) via a crafted ELF file.

CVE-2017-7607 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7607):
  The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote
  attackers to cause a denial of service (heap-based buffer over-read and
  application crash) via a crafted ELF file.

Comment 2 Manuel Rüger (RETIRED) gentoo-dev

2017-05-24 13:17:34 UTC

Added elfutils-0.169, arch teams please test and stabilize it.

Keywords for dev-libs/elfutils:
         |                                 |   u   |  
         | a a         p s   a     n r     |   n   |  
         | l m   h i   p p   r m m i i s   | e u s | r
         | p d a p a p c a x m i 6 o s 3   | a s l | e
         | h 6 r p 6 p 6 r 8 6 p 8 s c 9 s | p e o | p
         | a 4 m a 4 c 4 c 6 4 s k 2 v 0 h | i d t | o
---------+---------------------------------+-------+-------
[I]0.166 | + + + + + + + + + + ~ + o o + + | 5 o 0 | gentoo
   0.167 | ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ o o ~ ~ | 5 #   | gentoo
   0.168 | ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ o o ~ ~ | 5 #   | gentoo
   0.169 | ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ o o ~ ~ | 6 o   | gentoo

Comment 3 Michael Weber (RETIRED) gentoo-dev

2017-05-25 23:06:17 UTC

Package list?!

Comment 4 Manuel Rüger (RETIRED) gentoo-dev

2017-05-28 21:16:15 UTC

Please stabilize 0.169-r1 (it was revbumped straight to stable for https://bugs.gentoo.org/show_bug.cgi?id=619658 )

Comment 5 Markus Meier gentoo-dev

2017-06-01 04:33:42 UTC

arm stable

Comment 6 Sergei Trofimovich (RETIRED) gentoo-dev

2017-06-18 21:09:26 UTC

ia64 stable

Single test fails (ia64-specific), but its not a regression. tracked in bug #501630

Comment 7 Andrey Ovcharov 2017-06-24 00:16:44 UTC

Created attachment 477754 [details, diff]
CVE-2017-7607.patch

Comment 8 Andrey Ovcharov 2017-06-24 00:17:10 UTC

Created attachment 477756 [details, diff]
CVE-2017-7608.patch

Comment 9 Agostino Sarubbo gentoo-dev

2017-07-13 09:31:54 UTC

test failures do not block security issues

Comment 10 Tobias Klausmann (RETIRED) gentoo-dev

2017-07-15 09:59:26 UTC

Stable on alpha.

Comment 11 Tobias Klausmann (RETIRED) gentoo-dev

2017-07-15 10:05:54 UTC

(In reply to Tobias Klausmann from comment #10)
> Stable on alpha.

Bullshit. Amd64 stable.

Comment 12 Tobias Klausmann (RETIRED) gentoo-dev

2017-07-16 11:11:39 UTC

Stable on alpha.

Comment 13 Thomas Deutschmann (RETIRED) gentoo-dev

2017-08-18 21:03:32 UTC

x86 stable

Comment 14 Aaron Bauman (RETIRED) gentoo-dev

2017-09-10 22:10:31 UTC

sparc was dropped to exp.

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b5901d8f716555a1479f12313a2925fcadd177a9

Comment 15 Sergei Trofimovich (RETIRED) gentoo-dev

2017-09-15 20:39:54 UTC

stable for hppa (thanks to Rolf Eike Beer)

Comment 16 Sergei Trofimovich (RETIRED) gentoo-dev

2017-09-25 21:52:03 UTC

ppc stable

Comment 17 Sergei Trofimovich (RETIRED) gentoo-dev

2017-09-26 08:59:12 UTC

ppc64 stable

Comment 18 Andreas K. Hüttel archtester

2017-10-03 20:06:55 UTC

All stable arches done.

Comment 19 Christopher Díaz Riveros (RETIRED) gentoo-dev

2017-10-03 20:20:12 UTC

(In reply to Andreas K. Hüttel from comment #18)
> All stable arches done.

Awesome, thank you all.

@Security please vote

Gentoo Security Padawan 
Christopher Díaz Riveros

Comment 20 Andreas K. Hüttel archtester

2017-10-04 10:50:03 UTC

Cleanup done. Toolchain out.

Comment 21 GLSAMaker/CVETool Bot gentoo-dev

2017-10-13 22:33:25 UTC

This issue was resolved and addressed in
 GLSA 201710-10 at https://security.gentoo.org/glsa/201710-10
by GLSA coordinator Aaron Bauman (b-man).

Comment 22 Sergei Trofimovich (RETIRED) gentoo-dev

2017-12-13 20:11:46 UTC

sparc stable (thanks to Rolf Eike Beer)