binutils 2.30-r1 security vulnerabilities
The latest binutils package contains the following vulnerabilities:

| CVE | Severity | Score | Package | Version | Description |
|---|---|---|---|---|---|
| CVE-2018-6759 | medium | 5.5 | binutils | 2.30-r1 | The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file. |
| CVE-2018-7643 | high | 7.8 | binutils | 2.30-r1 | The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump. |
| CVE-2018-7642 | medium | 5.5 | binutils | 2.30-r1 | The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy. |
| CVE-2018-7568 | medium | 5.5 | binutils | 2.30-r1 | The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm. |
| CVE-2018-8945 | medium | 5.5 | binutils | 2.30-r1 | The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section. |
| CVE-2018-7569 | medium | 5.5 | binutils | 2.30-r1 | dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm. |
| CVE-2018-7208 | high | 7.8 | binutils | 2.30-r1 | In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object. |
| CVE-2018-7570 | medium | 5.5 | binutils | 2.30-r1 | The assign_file_positions_for_non_load_sections function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an ELF file with a RELRO segment that lacks a matching LOAD segment, as demonstrated by objcopy. |
| CVE-2018-9996 | medium | 5.5 | binutils | 2.30-r1 | An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack exhaustion occurs in the C demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression. |
| CVE-2018-6872 | medium | 5.5 | binutils | 2.30-r1 | The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment. |
| CVE-2018-6543 | high | 7.8 | binutils | 2.30-r1 | In GNU Binutils 2.30, there's an integer overflow in the function load_specific_debug_section() in objdump.c, which results in `malloc()` with 0 size. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. |
| CVE-2018-9138 | medium | 5.5 | binutils | 2.30-r1 | An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C demangling functions provided by libiberty, and there are recursive stack frames: demangle_nested_args, demangle_args, do_arg, and do_type. |

Almost all CVEs have already been patched upstream. It would be awesome to have these in the Alpine version 3.6 and 3.7 packages as well.
(from redmine: issue id 8959, created on 2018-06-01)