198824 – [security] multiple vulnerabilities in contrib/binutils

Bug 198824 - [security] multiple vulnerabilities in contrib/binutils

Summary: [security] multiple vulnerabilities in contrib/binutils

Status:	Closed FIXED

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	gnu (show other bugs)
Version:	CURRENT
Hardware:	Any Any

Importance:	Normal Affects Some People
Assignee:	Ed Maste

URL:
Keywords:

Depends on:
Blocks:

Reported:	2015-03-23 08:24 UTC by Sevan Janiyan
Modified:	2017-11-30 18:16 UTC (History)
CC List:	4 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sevan Janiyan 2015-03-23 08:24:44 UTC

CVEs
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8501
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8502
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8503

Patches:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=blobdiff;f=bfd/peXXigen.c;h=987be407737415bf0a2148989c6c02aaf3bc60ab;hp=2fb631c5a7687ce634f866116f5592e0a16621f7;hb=7e1e19887abd24aeb15066b141cdff5541e0ec8e;hpb=493a33860c71cac998f1a56d6d87d6faa801fbaa

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=blobdiff;f=bfd/peXXigen.c;h=1a5cb3135d59dee12999997169ca507989c05da6;hp=61290852ab13d25401fc0126ff40b3cc24e86a88;hb=5a4b0ccc20ba30caef53b01bee2c0aaa5b855339;hpb=1df4399f27f8ee817d8eb4c73bba42bb65844303

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=blobdiff;f=bfd/ihex.c;h=9b3b81387984019b424b10883235eab9fdbafe9a;hp=8d3590d670e9c34a2a98642f31fdac9ebea739f1;hb=0102ea8cec5fc509bba6c91df61b7ce23a799d32;hpb=7e760b06b212f01b3819d5b37e8f5b613e0db34c

Comment 1 Sevan Janiyan 2015-05-21 11:55:18 UTC

ping!

Comment 2 Xin LI freebsd_committer

2015-06-01 20:30:19 UTC

Take.  This only affects those who use the base system binutils but we would issue a SA for it anyway once we get a changeset that is licensed under the same license of base system binutils or have the functionality removed permanently.

Comment 3 Mark Felder freebsd_committer

2016-01-08 18:53:02 UTC

Just checking in on this

Comment 4 commit-hook freebsd_committer

2017-11-23 14:31:41 UTC

A commit references this bug:

Author: emaste
Date: Thu Nov 23 14:30:42 UTC 2017
New revision: 326135
URL: https://svnweb.freebsd.org/changeset/base/326135

Log:
  bfd: fix segfault in the ihex parser on malformed ihex file

  From binutils commit 0102ea8cec5fc509bba6c91df61b7ce23a799d32, made
  available under GPLv2 by Nick Clifton.

  PR:		198824
  MFC after:	1 week
  Security:	CVE-2014-8503

Changes:
  head/contrib/binutils/bfd/ihex.c

Comment 5 commit-hook freebsd_committer

2017-11-23 16:05:00 UTC

A commit references this bug:

Author: emaste
Date: Thu Nov 23 16:04:52 UTC 2017
New revision: 326136
URL: https://svnweb.freebsd.org/changeset/base/326136

Log:
  bfd: avoid crash on corrupt binaries

  From binutils commits 5a4b0ccc20ba30caef53b01bee2c0aaa5b855339 and
  7e1e19887abd24aeb15066b141cdff5541e0ec8e, made available under GPLv2
  by Nick Clifton.

  PR:		198824
  MFC after:	1 week
  Security:	CVE-2014-8501
  Security:	CVE-2014-8502

Changes:
  head/contrib/binutils/bfd/peXXigen.c

Comment 6 Ed Maste freebsd_committer

2017-11-23 18:58:15 UTC

Note there are additional ways in which binutils poorly handles malformed input. I have merged these changes as they were identified here and Nick Clifton gave permission to apply them under GPLv2.

Comment 7 commit-hook freebsd_committer

2017-11-30 00:25:33 UTC

A commit references this bug:

Author: emaste
Date: Thu Nov 30 00:24:28 UTC 2017
New revision: 326379
URL: https://svnweb.freebsd.org/changeset/base/326379

Log:
  MFC r326136: bfd: avoid crash on corrupt binaries

  From binutils commits 5a4b0ccc20ba30caef53b01bee2c0aaa5b855339 and
  7e1e19887abd24aeb15066b141cdff5541e0ec8e, made available under GPLv2
  by Nick Clifton.

  PR:		198824
  Security:	CVE-2014-8501
  Security:	CVE-2014-8502

Changes:
_U  stable/11/
  stable/11/contrib/binutils/bfd/peXXigen.c

Comment 8 commit-hook freebsd_committer

2017-11-30 00:25:36 UTC

A commit references this bug:

Author: emaste
Date: Thu Nov 30 00:25:26 UTC 2017
New revision: 326380
URL: https://svnweb.freebsd.org/changeset/base/326380

Log:
  MFC r326136: bfd: avoid crash on corrupt binaries

  From binutils commits 5a4b0ccc20ba30caef53b01bee2c0aaa5b855339 and
  7e1e19887abd24aeb15066b141cdff5541e0ec8e, made available under GPLv2
  by Nick Clifton.

  PR:		198824
  Security:	CVE-2014-8501
  Security:	CVE-2014-8502

Changes:
_U  stable/10/
  stable/10/contrib/binutils/bfd/peXXigen.c

Comment 9 commit-hook freebsd_committer

2017-11-30 00:27:40 UTC

A commit references this bug:

Author: emaste
Date: Thu Nov 30 00:26:45 UTC 2017
New revision: 326381
URL: https://svnweb.freebsd.org/changeset/base/326381

Log:
  MFC r326135: bfd: fix segfault in the ihex parser on malformed ihex file

  From binutils commit 0102ea8cec5fc509bba6c91df61b7ce23a799d32, made
  available under GPLv2 by Nick Clifton.

  PR:		198824
  Security:	CVE-2014-8503

Changes:
_U  stable/11/
  stable/11/contrib/binutils/bfd/ihex.c

Comment 10 commit-hook freebsd_committer

2017-11-30 00:28:43 UTC

A commit references this bug:

Author: emaste
Date: Thu Nov 30 00:27:49 UTC 2017
New revision: 326382
URL: https://svnweb.freebsd.org/changeset/base/326382

Log:
  MFC r326135: bfd: fix segfault in the ihex parser on malformed ihex file

  From binutils commit 0102ea8cec5fc509bba6c91df61b7ce23a799d32, made
  available under GPLv2 by Nick Clifton.

  PR:		198824
  Security:	CVE-2014-8503

Changes:
_U  stable/10/
  stable/10/contrib/binutils/bfd/ihex.c

Comment 11 Ed Maste freebsd_committer

2017-11-30 18:16:56 UTC

Those changes committed and merged to stable/11 and stable/10.

Other issues remain in our outdated binutils, mitigated somewhat by the fact that we now use only three binutils: as, ld, objdump. I'm happy to bring in additional fixes for these kinds of issues if we're able to obtain permission to use them under GPLv2.