binutils-2.27-34.base.el7

Errata ID: AXSA:2018-3397:04
Release date: Wednesday, November 7, 2018 - 23:26
Subject: binutils-2.27-34.base.el7
Affected Channels: Asianux Server 7 for x86_64
Severity: Low
Description: 

The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities.

Security Fix(es):

* binutils: Improper bounds check in coffgen.c:coff_pointerize_aux() allows for denial of service when parsing a crafted COFF file (CVE-2018-7208)

* binutils: integer overflow via an ELF file with corrupt dwarf1 debug information in libbfd library (CVE-2018-7568)

* binutils: integer underflow or overflow via an ELF file with a corrupt DWARF FORM block in libbfd library (CVE-2018-7569)

* binutils: NULL pointer dereference in swap_std_reloc_in function in aoutx.h resulting in crash (CVE-2018-7642)

* binutils: Integer overflow in the display_debug_ranges function resulting in crash (CVE-2018-7643)

* binutils: Crash in elf.c:bfd_section_from_shdr() with crafted executable (CVE-2018-8945)

* binutils: Heap-based buffer over-read in dwarf.c:process_cu_tu_index() allows for denial of service via crafted file (CVE-2018-10372)

* binutils: NULL pointer dereference in dwarf2.c:concat_filename() allows for denial of service via crafted file (CVE-2018-10373)

* binutils: out of bounds memory write in peXXigen.c files (CVE-2018-10534)

* binutils: NULL pointer dereference in elf.c (CVE-2018-10535)

* binutils: Uncontrolled Resource Consumption in execution of nm (CVE-2018-13033)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7.6 Release Notes linked from the References section.

CVE-2018-10372
process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote
attackers to cause a denial of service (heap-based buffer over-read and
application crash) via a crafted binary file, as demonstrated by
readelf.
CVE-2018-10373
concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library
(aka libbfd), as distributed in GNU Binutils 2.30, allows remote
attackers to cause a denial of service (NULL pointer dereference and
application crash) via a crafted binary file, as demonstrated by
nm-new.
CVE-2018-10534
The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in
the Binary File Descriptor (BFD) library (aka libbfd), as distributed
in GNU Binutils 2.30, processes a negative Data Directory size with an
unbounded loop that increases the value of
(external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeds its
own memory region, resulting in an out-of-bounds memory write, as
demonstrated by objcopy copying private info with
_bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c.
CVE-2018-10535
The ignore_section_sym function in elf.c in the Binary File Descriptor
(BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does
not validate the output_section pointer in the case of a symtab entry
with a "SECTION" type that has a "0" value, which allows remote
attackers to cause a denial of service (NULL pointer dereference and
application crash) via a crafted file, as demonstrated by objcopy.
CVE-2018-13033
The Binary File Descriptor (BFD) library (aka libbfd), as distributed
in GNU Binutils 2.30, allows remote attackers to cause a denial of
service (excessive memory allocation and application crash) via a
crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in
elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution
of nm.
CVE-2018-7208
In the coff_pointerize_aux function in coffgen.c in the Binary File
Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils
2.30, an index is not validated, which allows remote attackers to cause
a denial of service (segmentation fault) or possibly have unspecified
other impact via a crafted file, as demonstrated by objcopy of a COFF
object.
CVE-2018-7568
The parse_die function in dwarf1.c in the Binary File Descriptor (BFD)
library (aka libbfd), as distributed in GNU Binutils 2.30, allows
remote attackers to cause a denial of service (integer overflow and
application crash) via an ELF file with corrupt dwarf1 debug
information, as demonstrated by nm.
CVE-2018-7569
dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as
distributed in GNU Binutils 2.30, allows remote attackers to cause a
denial of service (integer underflow or overflow, and application
crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated
by nm.
CVE-2018-7642
The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor
(BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows
remote attackers to cause a denial of service
(aout_32_swap_std_reloc_out NULL pointer dereference and application
crash) via a crafted ELF file, as demonstrated by objcopy.
CVE-2018-7643
The display_debug_ranges function in dwarf.c in GNU Binutils 2.30
allows remote attackers to cause a denial of service (integer overflow
and application crash) or possibly have unspecified other impact via a
crafted ELF file, as demonstrated by objdump.
CVE-2018-8945
The bfd_section_from_shdr function in elf.c in the Binary File
Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils
2.30, allows remote attackers to cause a denial of service
(segmentation fault) via a large attribute section.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. binutils-2.27-34.base.el7.src.rpm
    MD5: 05855c20f5038a645d796e959a378ead
    SHA-256: 1244f40baa6cae9796e1bb1369d1ee67d0270bb510ab893152fce399aeae2a4d
    Size: 24.39 MB

Asianux Server 7 for x86_64
  1. binutils-2.27-34.base.el7.x86_64.rpm
    MD5: 720e8f1bbade2077ad4d0442e82fa20e
    SHA-256: 5ffa843c5132076a4419df42901d59d8038e9d6b57d55173ac5edc35126b1a4b
    Size: 5.90 MB
  2. binutils-devel-2.27-34.base.el7.x86_64.rpm
    MD5: 0741ed80afe8cd623fa552f5e6a5310a
    SHA-256: 62d4b2be26b56ea585b1d0dc40804ec7ac529be4c173cabcd230ad0094589086
    Size: 876.91 kB
  3. binutils-devel-2.27-34.base.el7.i686.rpm
    MD5: 1d2221f8775f3426558fab900b6d70c0
    SHA-256: 4b58e9b8eb9266516b8c84d9d2c1fdd1c4b0dc0f54421a0367cb28942ea359ee
    Size: 916.41 kB
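
The Solution section says to update packages, and the Download section publishes a SHA-256 value for each RPM. The script below is an added example, not part of this advisory and not code from the Asianux or binutils projects: it checks a downloaded RPM against the SHA-256 listed above for its file name, and compares the installed binutils version-release (as reported by `rpm -q`) with the fixed release 2.27-34.base.el7. The segment-wise version comparison is a simplified stand-in for rpm's own rpmvercmp, and all function names are the example's own.

```shell
#!/bin/sh
# Added example (not from the advisory): verify downloaded RPMs against the
# SHA-256 values the advisory lists, and report whether the installed
# binutils is at or past the fixed release 2.27-34.base.el7.

# SHA-256 values copied from the advisory's Download section, keyed by
# file name. Returns 1 for a file name the advisory does not list.
expected_sha256() {
    case "$1" in
        binutils-2.27-34.base.el7.src.rpm)
            echo 1244f40baa6cae9796e1bb1369d1ee67d0270bb510ab893152fce399aeae2a4d ;;
        binutils-2.27-34.base.el7.x86_64.rpm)
            echo 5ffa843c5132076a4419df42901d59d8038e9d6b57d55173ac5edc35126b1a4b ;;
        binutils-devel-2.27-34.base.el7.x86_64.rpm)
            echo 62d4b2be26b56ea585b1d0dc40804ec7ac529be4c173cabcd230ad0094589086 ;;
        binutils-devel-2.27-34.base.el7.i686.rpm)
            echo 4b58e9b8eb9266516b8c84d9d2c1fdd1c4b0dc0f54421a0367cb28942ea359ee ;;
        *) return 1 ;;
    esac
}

# Print the SHA-256 of a file using whichever tool the host provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | cut -d' ' -f1
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# Compare a downloaded file with the advisory's hash for its base name.
# Returns 0 on match, 1 on mismatch, 2 if the advisory lists no such file.
verify_rpm() {
    file=$1
    name=$(basename "$file")
    want=$(expected_sha256 "$name") || { echo "no advisory hash for $name" >&2; return 2; }
    have=$(sha256_of "$file")
    [ "$have" = "$want" ]
}

# version_at_least HAVE WANT: exit 0 if HAVE >= WANT. Both strings are split
# on non-alphanumerics; numeric segments compare numerically, others as
# strings. This is a simplified stand-in for rpm's rpmvercmp (assumption:
# adequate for release strings shaped like 2.27-34.base.el7).
version_at_least() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, /[^A-Za-z0-9]+/); nb = split(b, y, /[^A-Za-z0-9]+/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            p = x[i]; q = y[i]
            if (p == q) continue
            if (p ~ /^[0-9]+$/ && q ~ /^[0-9]+$/) exit (p + 0 < q + 0)
            exit (p < q)
        }
        exit 0
    }'
}

# Usage: sh verify_axsa.sh [downloaded.rpm ...]
# Reports the installed binutils state (when rpm is available), then
# verifies every RPM file named on the command line.
check_advisory() {
    fixed=2.27-34.base.el7
    if command -v rpm >/dev/null 2>&1; then
        installed=$(rpm -q --queryformat '%{VERSION}-%{RELEASE}' binutils 2>/dev/null) || installed=""
        if [ -z "$installed" ]; then
            echo "binutils: not installed"
        elif version_at_least "$installed" "$fixed"; then
            echo "binutils-$installed: at or past fixed release $fixed"
        else
            echo "binutils-$installed: older than fixed release $fixed, update needed"
        fi
    fi
    for f in "$@"; do
        if verify_rpm "$f"; then echo "OK   $f"; else echo "FAIL $f"; fi
    done
}

if [ $# -gt 0 ]; then check_advisory "$@"; fi
```

A matching hash shows the file is byte-for-byte the one the advisory published; it does not by itself prove who published it, so pair it with the package signature check (`rpm -K file.rpm`) against the vendor key already trusted on the host before installing.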