[3.6] binutils: Multiple vulnerabilities (CVE-2017-9038, CVE-2017-9039, CVE-2017-9040, CVE-2017-9041, CVE-2017-9042, CVE-2017-9043, CVE-2017-9044)
CVE-2017-9038: GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets.
References:
http://openwall.com/lists/oss-security/2017/05/18/7
https://nvd.nist.gov/vuln/detail/CVE-2017-9038
Patch:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f32ba72991d2406b21ab17edc234a2f3fa7fb23d
CVE-2017-9039: GNU Binutils 2.28 allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-9039
http://openwall.com/lists/oss-security/2017/05/18/7
Patch:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=82156ab704b08b124d319c0decdbd48b3ca2dac5
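The defensive pattern for this class of bug (a header-declared count driving an allocation), as an added example that is not binutils code and not the linked patch: check that the program header table claimed by the ELF header fits inside the file before sizing anything from e_phnum. All function and enum names are hypothetical, and only ELF64 little-endian input is handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Bounds-checked little-endian read; fails instead of reading past the buffer. */
static int get_le(const uint8_t *buf, size_t len, size_t off, unsigned n, uint64_t *out)
{
    if (n > 8 || off > len || len - off < n)
        return 0;
    uint64_t v = 0;
    for (unsigned i = 0; i < n; i++)
        v |= (uint64_t)buf[off + i] << (8 * i);
    *out = v;
    return 1;
}

enum phdr_check { PHDR_OK, PHDR_NOT_ELF64LE, PHDR_TRUNCATED, PHDR_BAD_ENTSIZE, PHDR_OUT_OF_FILE };

/* Hypothetical helper: run before any allocation sized from e_phnum. */
enum phdr_check check_phdr_table(const uint8_t *buf, size_t len)
{
    uint64_t phoff, entsize, phnum;
    if (len < 6 || memcmp(buf, "\177ELF", 4) != 0 || buf[4] != 2 || buf[5] != 1)
        return PHDR_NOT_ELF64LE;                /* needs ELFCLASS64 + ELFDATA2LSB */
    if (!get_le(buf, len, 0x20, 8, &phoff) ||   /* e_phoff */
        !get_le(buf, len, 0x36, 2, &entsize) || /* e_phentsize */
        !get_le(buf, len, 0x38, 2, &phnum))     /* e_phnum */
        return PHDR_TRUNCATED;
    if (phnum == 0)
        return PHDR_OK;
    if (entsize < 56)                           /* sizeof(Elf64_Phdr) */
        return PHDR_BAD_ENTSIZE;
    if (phoff > len || phnum * entsize > len - phoff)
        return PHDR_OUT_OF_FILE;                /* table cannot fit in the file */
    return PHDR_OK;
}

/* Constructed sample: minimal ELF64 LE header in a zeroed file_len-byte file. */
int demo_check(uint64_t phoff, unsigned entsize, unsigned phnum, size_t file_len)
{
    static uint8_t f[4096];
    if (file_len > sizeof f) return -1;
    memset(f, 0, sizeof f);
    memcpy(f, "\177ELF\002\001\001", 7);
    for (int i = 0; i < 8; i++) f[0x20 + i] = (uint8_t)(phoff >> (8 * i));
    f[0x36] = entsize & 0xff; f[0x37] = (entsize >> 8) & 0xff;
    f[0x38] = phnum & 0xff;   f[0x39] = (phnum >> 8) & 0xff;
    return check_phdr_table(f, file_len);
}
```

An e_phnum of 0xffff (PN_XNUM) is treated literally here, which still gives a valid lower bound on the table size.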
CVE-2017-9040: GNU Binutils allows attackers to cause a denial of service (NULL pointer dereference and application crash), related to the process_mips_specific function in readelf.c, via a crafted ELF file that triggers a large memory-allocation attempt.
References:
http://openwall.com/lists/oss-security/2017/05/18/7
Patch:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf
CVE-2017-9041: GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to MIPS GOT mishandling in the process_mips_specific function in readelf.c.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-9041
Patches:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75ec1fdbb797a389e4fe4aaf2e15358a070dcc19
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c4ab9505b53cdc899506ed421fddb7e1f8faf7a3
CVE-2017-9042: readelf.c in GNU Binutils has a “cannot be represented in type long” issue, which might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.
References:
http://openwall.com/lists/oss-security/2017/05/18/7
https://nvd.nist.gov/vuln/detail/CVE-2017-9042
Patch:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf
CVE-2017-9043: readelf.c in GNU Binutils has a “shift exponent too large for type unsigned long” issue, which might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.
References:
http://openwall.com/lists/oss-security/2017/05/18/7
Patch:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ddef72cdc10d82ba011a7ff81cafbbd3466acf54
CVE-2017-9044: The print_symbol_for_build_attribute function in readelf.c in GNU Binutils allows attackers to cause a denial of service (invalid read and SEGV) via a crafted ELF file.
References:
http://openwall.com/lists/oss-security/2017/05/18/7
https://nvd.nist.gov/vuln/detail/CVE-2017-9044
(from redmine: issue id 7315, created on 2017-05-23, closed on 2019-05-03)
- Relations:
  - parent #7314
- Changesets:
  - Revision f98d7993 on 2017-10-25T14:40:09Z:
    main/binutils: security fix (CVE-2017-9038)
    partially fixes #7315
  - Revision d383182b by Natanael Copa on 2018-05-30T20:42:41Z:
    main/binutils: upgrade to 2.30
    fixes #7315
    fixes #8881