Bug 678806 (CVE-2019-9070, CVE-2019-9071, CVE-2019-9072, CVE-2019-9073, CVE-2019-9074, CVE-2019-9075, CVE-2019-9076, CVE-2019-9077) - <sys-devel/binutils-2.35: multiple vulnerabilities
Summary: <sys-devel/binutils-2.35: multiple vulnerabilities
Status: IN_PROGRESS
Alias: CVE-2019-9070, CVE-2019-9071, CVE-2019-9072, CVE-2019-9073, CVE-2019-9074, CVE-2019-9075, CVE-2019-9076, CVE-2019-9077
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: A2 [stable wait]
Keywords:
Depends on:
Blocks:
 
Reported: 2019-02-26 06:39 UTC by D'juan McDonald (domhnall)
Modified: 2020-08-04 23:35 UTC

See Also:
Package list:
Runtime testing required: ---


Description D'juan McDonald (domhnall) 2019-02-26 06:39:45 UTC
(https://nvd.nist.gov/vuln/detail/CVE-2019-9077):
An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.

Upstream Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=24243

(https://nvd.nist.gov/vuln/detail/CVE-2019-9076):
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in elf_read_notes in elf.c.

Note: upstream ruling as normal behavior and WONTFIX
https://sourceware.org/bugzilla/show_bug.cgi?id=24238


(https://nvd.nist.gov/vuln/detail/CVE-2019-9075):
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.

Upstream Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=24236

(https://nvd.nist.gov/vuln/detail/CVE-2019-9074):
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c.

Upstream Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=24235

(https://nvd.nist.gov/vuln/detail/CVE-2019-9073):
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in _bfd_elf_slurp_version_tables in elf.c.

Upstream Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=24233

(https://nvd.nist.gov/vuln/detail/CVE-2019-9072):
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in setup_group in elf.c.

Upstream Reference: (WONTFIX) https://sourceware.org/bugzilla/show_bug.cgi?id=24232


(https://nvd.nist.gov/vuln/detail/CVE-2019-9071):
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls.

Upstream Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=24227

(https://nvd.nist.gov/vuln/detail/CVE-2019-9070):
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls.

Upstream Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=24229

Gentoo Security Padawan
(domhnall)
Comment 1 Andreas K. Hüttel gentoo-dev 2019-06-03 05:54:18 UTC
> (https://nvd.nist.gov/vuln/detail/CVE-2019-9077):
> An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer
> overflow in process_mips_specific in readelf.c via a malformed MIPS option
> section.
> 
> Upstream Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=24243

Fixed in Gentoo 2.32 branch, will be in patchset 3


> (https://nvd.nist.gov/vuln/detail/CVE-2019-9076):
> An issue was discovered in the Binary File Descriptor (BFD) library (aka
> libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive
> memory allocation in elf_read_notes in elf.c.
> 
> Note: upstream ruling as normal behavior and WONTFIX
> https://sourceware.org/bugzilla/show_bug.cgi?id=24238

No action.


> (https://nvd.nist.gov/vuln/detail/CVE-2019-9075):
> An issue was discovered in the Binary File Descriptor (BFD) library (aka
> libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer
> overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.
> 
> Upstream Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=24236

Fixed in Gentoo 2.32 branch, will be in patchset 3


> (https://nvd.nist.gov/vuln/detail/CVE-2019-9074):
> An issue was discovered in the Binary File Descriptor (BFD) library (aka
> libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read
> leading to a SEGV in bfd_getl32 in libbfd.c, when called from
> pex64_get_runtime_function in pei-x86_64.c.
> 
> Upstream Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=24235

Fixed in Gentoo 2.32 branch, will be in patchset 3


> (https://nvd.nist.gov/vuln/detail/CVE-2019-9073):
> An issue was discovered in the Binary File Descriptor (BFD) library (aka
> libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive
> memory allocation in _bfd_elf_slurp_version_tables in elf.c.
> 
> Upstream Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=24233

Fixed in Gentoo 2.32 branch, will be in patchset 3


> (https://nvd.nist.gov/vuln/detail/CVE-2019-9072):
> An issue was discovered in the Binary File Descriptor (BFD) library (aka
> libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive
> memory allocation in setup_group in elf.c.
> 
> Upstream Reference: (WONTFIX)
> https://sourceware.org/bugzilla/show_bug.cgi?id=24232

Upstream not-a-bug


> (https://nvd.nist.gov/vuln/detail/CVE-2019-9071):
> An issue was discovered in GNU libiberty, as distributed in GNU Binutils
> 2.32. It is a stack consumption issue in d_count_templates_scopes in
> cp-demangle.c after many recursive calls.
> 
> Upstream Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=24227

Problem is in libiberty


> (https://nvd.nist.gov/vuln/detail/CVE-2019-9070):
> An issue was discovered in GNU libiberty, as distributed in GNU Binutils
> 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c
> after many recursive calls.
> 
> Upstream Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=24229

Problem is in libiberty
Comment 2 Sam James gentoo-dev Security 2020-06-20 01:27:32 UTC
(In reply to Andreas K. Hüttel from comment #1)
> > (https://nvd.nist.gov/vuln/detail/CVE-2019-9071):
> > An issue was discovered in GNU libiberty, as distributed in GNU Binutils
> > 2.32. It is a stack consumption issue in d_count_templates_scopes in
> > cp-demangle.c after many recursive calls.
> > 
> > Upstream Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=24227
> 
> Problem is in libiberty
> 

Fixed in binutils 2.35 (upcoming): https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89394#c10

> 
> > (https://nvd.nist.gov/vuln/detail/CVE-2019-9070):
> > An issue was discovered in GNU libiberty, as distributed in GNU Binutils
> > 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c
> > after many recursive calls.
> > 
> > Upstream Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=24229
> 
> Problem is in libiberty

Seems to be same as above, fixed in 2.35.
Comment 3 Alexander Sergeyev 2020-07-29 06:10:19 UTC
(In reply to Sam James from comment #2)
> Fixed in binutils 2.35 (upcoming):

Binutils 2.35 is now available: https://sourceware.org/pipermail/binutils/2020-July/112530.html
Comment 4 Andreas K. Hüttel gentoo-dev 2020-07-31 14:27:41 UTC
> > (https://nvd.nist.gov/vuln/detail/CVE-2019-9076):
> > An issue was discovered in the Binary File Descriptor (BFD) library (aka
> > libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive
> > memory allocation in elf_read_notes in elf.c.
> > 
> > Note: upstream ruling as normal behavior and WONTFIX
> > https://sourceware.org/bugzilla/show_bug.cgi?id=24238
> 
> No action.

Still no action.
Recommend ignoring this CVE.

> > (https://nvd.nist.gov/vuln/detail/CVE-2019-9072):
> > An issue was discovered in the Binary File Descriptor (BFD) library (aka
> > libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive
> > memory allocation in setup_group in elf.c.
> > 
> > Upstream Reference: (WONTFIX)
> > https://sourceware.org/bugzilla/show_bug.cgi?id=24232
> 
> Upstream not-a-bug

Still no action. 
Recommend ignoring this CVE.


(In reply to Sam James from comment #2)
> (In reply to Andreas K. Hüttel from comment #1)
> > > (https://nvd.nist.gov/vuln/detail/CVE-2019-9071):
> > > An issue was discovered in GNU libiberty, as distributed in GNU Binutils
> > > 2.32. It is a stack consumption issue in d_count_templates_scopes in
> > > cp-demangle.c after many recursive calls.
> > > 
> > > Upstream Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=24227
> > 
> > Problem is in libiberty
> 
> Fixed in binutils 2.35 (upcoming):
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89394#c10

Yep, fixed in binutils-2.35
Too big for backporting.

> > > (https://nvd.nist.gov/vuln/detail/CVE-2019-9070):
> > > An issue was discovered in GNU libiberty, as distributed in GNU Binutils
> > > 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c
> > > after many recursive calls.
> > > 
> > > Upstream Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=24229
> > 
> > Problem is in libiberty
> 
> Seems to be same as above, fixed in 2.35.

Yep, fixed in binutils-2.35
Too big for backporting.