ASA-201906-3 generated external raw

[ASA-201906-3] binutils: multiple issues
Arch Linux Security Advisory ASA-201906-3 ========================================= Severity: High Date : 2019-06-04 CVE-ID : CVE-2018-19931 CVE-2018-19932 CVE-2018-20002 CVE-2018-20712 Package : binutils Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-832 Summary ======= The package <a href="/package/binutils">binutils</a> before version 2.32-1 is vulnerable to multiple issues including arbitrary code execution and denial of service. Resolution ========== Upgrade to 2.32-1. # pacman -Syu "binutils>=2.32-1" The problems have been fixed upstream in version 2.32. Workaround ========== None. Description =========== - CVE-2018-19931 (arbitrary code execution) An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU <a href="/package/binutils">Binutils</a> through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted. - CVE-2018-19932 (denial of service) An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU <a href="/package/binutils">Binutils</a> through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c. - CVE-2018-20002 (denial of service) The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm. - CVE-2018-20712 (denial of service) A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU <a href="/package/binutils">Binutils</a> 2.31.1. A crafted input can cause segmentation faults, leading to denial-of- service, as demonstrated by c++filt. Impact ====== An attacker is able to crash or execute arbitrary code on a process that uses libbfd functions by providing a malicious object file. References ========== https://www.securityfocus.com/bid/106144 https://www.securityfocus.com/bid/106142 https://sourceware.org/bugzilla/show_bug.cgi?id=23942 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5f60af5d24d181371d67534fa273dd221df20c07 https://sourceware.org/bugzilla/show_bug.cgi?id=23932 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=beab453223769279cc1cef68a1622ab8978641f7 https://sourceware.org/bugzilla/show_bug.cgi?id=23952 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c2f5dc30afa34696f2da0081c4ac50b958ecb0e9 http://www.securityfocus.com/bid/106563 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88629 https://sourceware.org/bugzilla/show_bug.cgi?id=24043 https://security.archlinux.org/CVE-2018-19931 https://security.archlinux.org/CVE-2018-19932 https://security.archlinux.org/CVE-2018-20002 https://security.archlinux.org/CVE-2018-20712