Bug 22288 - binutils several new security issues
Summary: binutils several new security issues
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 5
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/694783/
Whiteboard: MGA5-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2017-12-30 21:03 CET by David Walser
Modified: 2018-01-03 15:23 CET (History)
3 users (show)

See Also:
Source RPM: binutils-2.24-12.mga5.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2017-12-30 21:03:01 CET 
+++ This bug was initially created as a clone of Bug #18987 +++

Debian-LTS has issued an advisory on July 18:
http://lwn.net/Alerts/694764/

Cloning the bug for the Mageia 5 update.  This will sync it with the fixes already in Mageia 6.

Advisory:
========================

Updated binutils packages fix security vulnerabilities:

Exploitable buffer overflow (CVE-2016-2226).

Invalid write due to a use-after-free to array btypevec (CVE-2016-4487).

Invalid write due to a use-after-free to array ktypevec (CVE-2016-4488).

Invalid write due to integer overflow (CVE-2016-4489).

Write access violation (CVE-2016-4490).

Write access violations (CVE-2016-4492).

Read access violations (CVE-2016-4493).

Stack buffer overflow when printing bad bytes in Intel Hex objects
(CVE-2016-6131).

readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read
while processing corrupt RL78 binaries. The vulnerability can trigger program
crashes. It may lead to an information leak as well (CVE-2017-6969).

objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer
over-reads (of size 1 and size 8) while handling corrupt STABS enum type
strings in a crafted object file, leading to program crash (CVE-2017-7210).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6969
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7210
https://lwn.net/Alerts/694764/
========================

Updated packages in core/updates_testing:
========================
binutils-2.24-12.1.mga5
libbinutils-devel-2.24-12.1.mga5

from binutils-2.24-12.1.mga5.src.rpm
Dave Hodgins 2018-01-01 08:42:17 CET

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 1 Dave Hodgins 2018-01-03 13:49:21 CET 
Tested using readelf, ldd, etc. on various files in /bin.

Validating the update.

Whiteboard: (none) => MGA5-64-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 2 Mageia Robot 2018-01-03 15:23:46 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0046.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED
Note You need to log in before you can comment on or make changes to this bug.