Bug 682698 (CVE-2018-12641, CVE-2018-12697, CVE-2018-12698, CVE-2018-12699, CVE-2018-12700) - <sys-devel/binutils-2.32: Multiple vulnerabilities
Summary: <sys-devel/binutils-2.32: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2018-12641, CVE-2018-12697, CVE-2018-12698, CVE-2018-12699, CVE-2018-12700
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: A3 [glsa+ cve]
Reported: 2019-04-06 17:22 UTC by Andreas K. Hüttel
Modified: 2019-08-09 21:01 UTC

Description Andreas K. Hüttel archtester gentoo-dev 2019-04-06 17:22:15 UTC
Moving vulnerabilities here from bug 661154 which have been fixed in 2.32

> > > > CVE-2018-9138 (https://nvd.nist.gov/vuln/detail/CVE-2018-9138):
> > > >   An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in
> > > >   GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling
> > > >   functions provided by libiberty, and there are recursive stack frames:
> > > >   demangle_nested_args, demangle_args, do_arg, and do_type.
> > > 
> > > https://sourceware.org/bugzilla/show_bug.cgi?id=23008
> > > No action upstream so far.
> > Nick Clifton 2018-12-07 13:37:08 UTC
> > Fixed by recent merge with gcc libiberty sources.
> > => fixed in gentoo 2.32 branch


> > > > CVE-2018-12700 (https://nvd.nist.gov/vuln/detail/CVE-2018-12700):
> > > >   A Stack Exhaustion issue was discovered in debug_write_type in debug.c in
> > > >   GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion.
> > > 
> > > Problem is in libiberty.
> > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
> > "Fixed with commit 266886."
> Fixed in 2.32


> > > > CVE-2018-12699 (https://nvd.nist.gov/vuln/detail/CVE-2018-12699):
> > > >   finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a
> > > >   denial of service (heap-based buffer overflow) or possibly have unspecified
> > > >   other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can
> > > >   occur during execution of objdump.
> > > 
> > > Problem is in libiberty.
> > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
> > "Fixed with commit 266886."
> Fixed in 2.32


> > > > CVE-2018-12698 (https://nvd.nist.gov/vuln/detail/CVE-2018-12698):
> > > >   demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU
> > > >   Binutils 2.30, allows attackers to trigger excessive memory consumption (aka
> > > >   OOM) during the "Create an array for saving the template argument values"
> > > >   XNEWVEC call. This can occur during execution of objdump.
> > > 
> > > Problem is in libiberty.
> > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
> > "Fixed with commit 266886."
> Fixed in 2.32


> > > > CVE-2018-12697 (https://nvd.nist.gov/vuln/detail/CVE-2018-12697):
> > > >   A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was
> > > >   discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as
> > > >   distributed in GNU Binutils 2.30. This can occur during execution of
> > > >   objdump.
> > > 
> > > Problem is in libiberty.
> > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
> > "Fixed with commit 266886."
> Fixed in 2.32


> > > > CVE-2018-12641 (https://nvd.nist.gov/vuln/detail/CVE-2018-12641):
> > > >   An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as
> > > >   distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++
> > > >   demangling functions provided by libiberty, and there are recursive stack
> > > >   frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type,
> > > >   do_type, do_arg, demangle_args, and demangle_nested_args. This can occur
> > > >   during execution of nm-new.
> > > 
> > > Problem is in libiberty.
> > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85452
> > "Fixed with commit 266886"
> Fixed in 2.32
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2019-08-03 11:23:59 UTC
This issue was resolved and addressed in GLSA 201908-01 at https://security.gentoo.org/glsa/201908-01 by GLSA coordinator Aaron Bauman (b-man).
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2019-08-03 11:25:14 UTC
@toolchain, please expand mask/cleanup.
Comment 3 Larry the Git Cow gentoo-dev 2019-08-09 20:55:31 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ee7f5d78dba6382df116603c3a64b53bf97f885e

commit ee7f5d78dba6382df116603c3a64b53bf97f885e
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2019-08-09 20:54:32 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2019-08-09 20:54:32 +0000

    package.mask: extend binutils mask to newer versions, bug 682698
    
    Bug: https://bugs.gentoo.org/682698
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

 profiles/package.mask | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
Comment 4 Andreas K. Hüttel archtester gentoo-dev 2019-08-09 20:56:31 UTC
All affected versions masked, no cleanup. Please proceed.