AVG-276

Package binutils
Status Fixed
Severity High
Type multiple issues
Affected 2.28.0-4
Fixed 2.29.0-1
Current 2.31.1-3 [core]
Ticket None
Created Thu May 18 13:38:00 2017
Issue Severity Remote Type Description
CVE-2017-9044 Medium No Denial of service
The print_symbol_for_build_attribute function in readelf.c in GNU Binutils 2017-04-12 allows attackers to cause a denial of service (invalid read and SEGV)...
CVE-2017-9043 Medium No Denial of service
It has been discovered that readelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large for type unsigned long" issue, which might allow attackers...
CVE-2017-9042 Medium No Denial of service
It has been discovered that readelf.c in GNU Binutils 2017-04-12 has a "cannot be represented in type long" issue, which might allow attackers to cause a...
CVE-2017-9041 Medium No Denial of service
GNU Binutils 2.28 allows attackers to cause a denial of service (heap- based buffer over-read and application crash) via a crafted ELF file, related to MIPS...
CVE-2017-9040 Medium No Denial of service
GNU Binutils 2017-04-03 allows attackers to cause a denial of service (NULL pointer dereference and application crash), related to the process_mips_specific...
CVE-2017-9039 Medium No Denial of service
GNU Binutils 2.28 allows attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the...
CVE-2017-9038 Medium No Denial of service
GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related...
CVE-2017-7210 Medium No Denial of service
objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in...
CVE-2017-7209 Medium No Denial of service
The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a...
CVE-2017-6969 Medium No Denial of service
It has been discovered that readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries.
CVE-2017-6966 High No Arbitrary code execution
readelf in GNU Binutils 2.28 has a use-after-free (specifically read- after-free) error while processing multiple, relocated sections in an MSP430 binary....
CVE-2017-6965 High No Arbitrary code execution
A vulnerability was found in the readelf utility; part of binutils. A crafted ELF executable or shared library could cause readelf to write arbitrary...
References
http://seclists.org/oss-sec/2017/q2/294
https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/
Notes
2.29.0-1
Revisit all CVEs as some are not fixed and there is another group besides this one