Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 651576 (CVE-2018-7208, CVE-2018-7568, CVE-2018-7569, CVE-2018-7570, CVE-2018-7643, CVE-2018-8945) - <sys-devel/binutils-2.30-r2: Multiple vulnerabilities
Summary: <sys-devel/binutils-2.30-r2: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2018-7208, CVE-2018-7568, CVE-2018-7569, CVE-2018-7570, CVE-2018-7643, CVE-2018-8945
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A3 [glsa cve]
Keywords:
Depends on: binutils-2.30-stable
Blocks: CVE-2017-14933 CVE-2017-16826, CVE-2017-16827, CVE-2017-16828, CVE-2017-16829, CVE-2017-16830, CVE-2017-16831, CVE-2017-16832 CVE-2017-17080 CVE-2017-17121, CVE-2017-17122, CVE-2017-17123, CVE-2017-17124, CVE-2017-17125, CVE-2017-17126 647798 CVE-2018-7642
  Show dependency tree
 
Reported: 2018-03-26 13:31 UTC by GLSAMaker/CVETool Bot
Modified: 2019-03-24 21:05 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2018-03-26 13:31:18 UTC
CVE-2018-8945 (https://nvd.nist.gov/vuln/detail/CVE-2018-8945):
  The bfd_section_from_shdr function in elf.c in the Binary File Descriptor
  (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows
  remote attackers to cause a denial of service (segmentation fault) via a
  large attribute section.

CVE-2018-7643 (https://nvd.nist.gov/vuln/detail/CVE-2018-7643):
  The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows
  remote attackers to cause a denial of service (integer overflow and
  application crash) or possibly have unspecified other impact via a crafted
  ELF file, as demonstrated by objdump.

CVE-2018-7570 (https://nvd.nist.gov/vuln/detail/CVE-2018-7570):
  The assign_file_positions_for_non_load_sections function in elf.c in the
  Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU
  Binutils 2.30, allows remote attackers to cause a denial of service (NULL
  pointer dereference and application crash) via an ELF file with a RELRO
  segment that lacks a matching LOAD segment, as demonstrated by objcopy.

CVE-2018-7569 (https://nvd.nist.gov/vuln/detail/CVE-2018-7569):
  dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as
  distributed in GNU Binutils 2.30, allows remote attackers to cause a denial
  of service (integer underflow or overflow, and application crash) via an ELF
  file with a corrupt DWARF FORM block, as demonstrated by nm.

CVE-2018-7568 (https://nvd.nist.gov/vuln/detail/CVE-2018-7568):
  The parse_die function in dwarf1.c in the Binary File Descriptor (BFD)
  library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote
  attackers to cause a denial of service (integer overflow and application
  crash) via an ELF file with corrupt dwarf1 debug information, as
  demonstrated by nm.

CVE-2018-7208 (https://nvd.nist.gov/vuln/detail/CVE-2018-7208):
  In the coff_pointerize_aux function in coffgen.c in the Binary File
  Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30,
  an index is not validated, which allows remote attackers to cause a denial
  of service (segmentation fault) or possibly have unspecified other impact
  via a crafted file, as demonstrated by objcopy of a COFF object.
Comment 1 Andreas K. Hüttel gentoo-dev 2018-04-29 19:35:55 UTC
(In reply to GLSAMaker/CVETool Bot from comment #0)
> CVE-2018-8945 (https://nvd.nist.gov/vuln/detail/CVE-2018-8945):
>   The bfd_section_from_shdr function in elf.c in the Binary File Descriptor
>   (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows
>   remote attackers to cause a denial of service (segmentation fault) via a
>   large attribute section.

No fix committed upstream yet.

> CVE-2018-7643 (https://nvd.nist.gov/vuln/detail/CVE-2018-7643):
>   The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows
>   remote attackers to cause a denial of service (integer overflow and
>   application crash) or possibly have unspecified other impact via a crafted
>   ELF file, as demonstrated by objdump.

Fix queued for binutils 2.30 patchset 2 (backport from upstream master)

> CVE-2018-7570 (https://nvd.nist.gov/vuln/detail/CVE-2018-7570):
>   The assign_file_positions_for_non_load_sections function in elf.c in the
>   Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU
>   Binutils 2.30, allows remote attackers to cause a denial of service (NULL
>   pointer dereference and application crash) via an ELF file with a RELRO
>   segment that lacks a matching LOAD segment, as demonstrated by objcopy.

Nontrivial backport from upstream master, deferred

> CVE-2018-7569 (https://nvd.nist.gov/vuln/detail/CVE-2018-7569):
>   dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as
>   distributed in GNU Binutils 2.30, allows remote attackers to cause a denial
>   of service (integer underflow or overflow, and application crash) via an
> ELF
>   file with a corrupt DWARF FORM block, as demonstrated by nm.

Fix queued for binutils 2.30 patchset 2 (backport from upstream master)

> CVE-2018-7568 (https://nvd.nist.gov/vuln/detail/CVE-2018-7568):
>   The parse_die function in dwarf1.c in the Binary File Descriptor (BFD)
>   library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote
>   attackers to cause a denial of service (integer overflow and application
>   crash) via an ELF file with corrupt dwarf1 debug information, as
>   demonstrated by nm.

Fix queued for binutils 2.30 patchset 2 (backport from upstream master)

> CVE-2018-7208 (https://nvd.nist.gov/vuln/detail/CVE-2018-7208):
>   In the coff_pointerize_aux function in coffgen.c in the Binary File
>   Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30,
>   an index is not validated, which allows remote attackers to cause a denial
>   of service (segmentation fault) or possibly have unspecified other impact
>   via a crafted file, as demonstrated by objcopy of a COFF object.

Fix queued for binutils 2.30 patchset 2 (backport from upstream master)
Comment 2 Larry the Git Cow gentoo-dev 2018-04-29 20:08:26 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8c7fe7564dc60dd6caa3afd787728acb43fc7abe

commit 8c7fe7564dc60dd6caa3afd787728acb43fc7abe
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2018-04-29 20:07:56 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2018-04-29 20:08:06 +0000

    sys-devel/binutils: Revision bump (no keywords), 2.30 patchset 2
    
    Bug: https://bugs.gentoo.org/502492
    Bug: https://bugs.gentoo.org/647798
    Bug: https://bugs.gentoo.org/647296
    Bug: https://bugs.gentoo.org/649690
    Bug: https://bugs.gentoo.org/651576
    Package-Manager: Portage-2.3.31, Repoman-2.3.9

 sys-devel/binutils/Manifest                |   1 +
 sys-devel/binutils/binutils-2.30-r2.ebuild | 417 +++++++++++++++++++++++++++++
 2 files changed, 418 insertions(+)}
Comment 3 Andreas K. Hüttel gentoo-dev 2019-03-24 20:53:03 UTC
Nothing to do for toolchain here anymore.