Low: binutils

Issue Overview:

An integer wraparound has been discovered in the Binary File Descriptor (BFD) library distributed in GNU Binutils up to version 2.30. An attacker could cause a crash by providing an ELF file with corrupted DWARF debug information.(CVE-2018-7568)

The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a “SECTION” type that has a “0” value, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy.(CVE-2018-10535)

The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump.(CVE-2018-7643)

concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new.(CVE-2018-10373)

The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.(CVE-2018-6323)

An integer wraparound has been discovered in the Binary File Descriptor (BFD) library distributed in GNU Binutils up to version 2.30. An attacker could cause a crash by providing an ELF file with corrupted DWARF debug information.(CVE-2018-7569)

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm.(CVE-2018-13033)

process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf.(CVE-2018-10372)

In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object.(CVE-2018-7208)

Affected Packages:

binutils

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update binutils to update your system.

New Packages:

aarch64:  
    binutils-2.29.1-27.amzn2.0.1.aarch64  
    binutils-devel-2.29.1-27.amzn2.0.1.aarch64  
    binutils-debuginfo-2.29.1-27.amzn2.0.1.aarch64  
  
i686:  
    binutils-2.29.1-27.amzn2.0.1.i686  
    binutils-devel-2.29.1-27.amzn2.0.1.i686  
    binutils-debuginfo-2.29.1-27.amzn2.0.1.i686  
  
src:  
    binutils-2.29.1-27.amzn2.0.1.src  
  
x86_64:  
    binutils-2.29.1-27.amzn2.0.1.x86_64  
    binutils-devel-2.29.1-27.amzn2.0.1.x86_64  
    binutils-debuginfo-2.29.1-27.amzn2.0.1.x86_64  

Additional References

Red Hat: CVE-2018-10372, CVE-2018-10373, CVE-2018-10535, CVE-2018-13033, CVE-2018-6323, CVE-2018-7208, CVE-2018-7568, CVE-2018-7569, CVE-2018-7643

Mitre: CVE-2018-10372, CVE-2018-10373, CVE-2018-10535, CVE-2018-13033, CVE-2018-6323, CVE-2018-7208, CVE-2018-7568, CVE-2018-7569, CVE-2018-7643