Bugzilla – Bug 776968
VUL-1: CVE-2012-3509: binutils: libiberty integer overflow
Last modified: 2019-05-22 00:56:21 UTC
Sang Kil Cha discovered that _objalloc_alloc does not guard the addition of CHUNK_HEADER_SIZE to the length against overflow. This can cause _objalloc_alloc to return a pointer to a memory region which is smaller than expected. The pointer alignment arithmetic in the objalloc_alloc macro misses an overflow check as well, with similar consequences. GCC bug: http://gcc.gnu.org/bugzilla/show_activity.cgi?id=54411 Patch under review: http://gcc.gnu.org/ml/gcc-patches/2012-08/msg01986.html (I believe GCC has the master copy of this file, but does not use it itself. libiberty is part of binutils and GDB, too.)
Talked with richi ... we both could not think about exploitability ... if you can supply executables to stuff then you likely already have rights to execute them. So a minor issue. It will be fixed in future products.
This is an autogenerated message for OBS integration: This bug (776968) was mentioned in https://build.opensuse.org/request/show/133496 Factory / binutils
Fixed.
SUSE-OU-2015:1803-1: An update that solves one vulnerability and has 6 fixes is now available. Category: optional (low) Bug References: 776968,877566,891040,896586,936050,943792,945634 CVE References: CVE-2012-3509 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): binutils-2.25.0-5.5, cross-ppc-binutils-2.25.0-5.7, cross-spu-binutils-2.25.0-5.7, gcc5-5.2.1+r226025-2.4, gdb-7.9.1-3.2, libffi-gcc5-5.2.1+r226025-2.1 SUSE Linux Enterprise Server 11-SP4 (src): binutils-2.25.0-5.5, gcc5-5.2.1+r226025-2.4, gdb-7.9.1-3.2, libffi-gcc5-5.2.1+r226025-2.1 SUSE Linux Enterprise Desktop 11-SP4 (src): binutils-2.25.0-5.5, gcc5-5.2.1+r226025-2.4, gdb-7.9.1-3.2 SUSE Linux Enterprise Debuginfo 11-SP4 (src): binutils-2.25.0-5.5, cross-ppc-binutils-2.25.0-5.7, cross-spu-binutils-2.25.0-5.7, gcc5-5.2.1+r226025-2.4, gdb-7.9.1-3.2, libffi-gcc5-5.2.1+r226025-2.1
SUSE-SU-2017:3170-1: An update that solves 57 vulnerabilities and has 18 fixes is now available. Category: security (moderate) Bug References: 1003846,1025282,1029907,1029908,1029909,1029995,1030296,1030297,1030298,1030583,1030584,1030585,1030588,1030589,1031590,1031593,1031595,1031638,1031644,1031656,1033122,1037052,1037057,1037061,1037062,1037066,1037070,1037072,1037273,1038874,1038875,1038876,1038877,1038878,1038880,1038881,1044891,1044897,1044901,1044909,1044925,1044927,1046094,1052061,1052496,1052503,1052507,1052509,1052511,1052514,1052518,1053347,1056312,1056437,1057139,1057144,1057149,1058480,1059050,1060599,1060621,1061241,437293,445037,546106,561142,578249,590820,691290,698346,713504,776968,863764,938658,970239 CVE References: CVE-2014-9939,CVE-2017-12448,CVE-2017-12450,CVE-2017-12452,CVE-2017-12453,CVE-2017-12454,CVE-2017-12456,CVE-2017-12799,CVE-2017-13757,CVE-2017-14128,CVE-2017-14129,CVE-2017-14130,CVE-2017-14333,CVE-2017-14529,CVE-2017-14729,CVE-2017-14745,CVE-2017-14974,CVE-2017-6965,CVE-2017-6966,CVE-2017-6969,CVE-2017-7209,CVE-2017-7210,CVE-2017-7223,CVE-2017-7224,CVE-2017-7225,CVE-2017-7226,CVE-2017-7227,CVE-2017-7299,CVE-2017-7300,CVE-2017-7301,CVE-2017-7302,CVE-2017-7303,CVE-2017-7304,CVE-2017-7614,CVE-2017-8392,CVE-2017-8393,CVE-2017-8394,CVE-2017-8395,CVE-2017-8396,CVE-2017-8397,CVE-2017-8398,CVE-2017-8421,CVE-2017-9038,CVE-2017-9039,CVE-2017-9040,CVE-2017-9041,CVE-2017-9042,CVE-2017-9043,CVE-2017-9044,CVE-2017-9746,CVE-2017-9747,CVE-2017-9748,CVE-2017-9750,CVE-2017-9755,CVE-2017-9756,CVE-2017-9954,CVE-2017-9955 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP3 (src): binutils-2.29.1-9.20.2, cross-ppc-binutils-2.29.1-9.20.2, cross-spu-binutils-2.29.1-9.20.2 SUSE Linux Enterprise Software Development Kit 12-SP2 (src): binutils-2.29.1-9.20.2, cross-ppc-binutils-2.29.1-9.20.2, cross-spu-binutils-2.29.1-9.20.2 SUSE Linux Enterprise Server for SAP 12-SP1 (src): binutils-2.29.1-9.20.2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src): binutils-2.29.1-9.20.2 SUSE Linux Enterprise Server 12-SP3 (src): binutils-2.29.1-9.20.2 SUSE Linux Enterprise Server 12-SP2 (src): binutils-2.29.1-9.20.2 SUSE Linux Enterprise Desktop 12-SP3 (src): binutils-2.29.1-9.20.2 SUSE Linux Enterprise Desktop 12-SP2 (src): binutils-2.29.1-9.20.2 OpenStack Cloud Magnum Orchestration 7 (src): binutils-2.29.1-9.20.2
openSUSE-SU-2017:3199-1: An update that solves 57 vulnerabilities and has 18 fixes is now available. Category: security (moderate) Bug References: 1003846,1025282,1029907,1029908,1029909,1029995,1030296,1030297,1030298,1030583,1030584,1030585,1030588,1030589,1031590,1031593,1031595,1031638,1031644,1031656,1033122,1037052,1037057,1037061,1037062,1037066,1037070,1037072,1037273,1038874,1038875,1038876,1038877,1038878,1038880,1038881,1044891,1044897,1044901,1044909,1044925,1044927,1046094,1052061,1052496,1052503,1052507,1052509,1052511,1052514,1052518,1053347,1056312,1056437,1057139,1057144,1057149,1058480,1059050,1060599,1060621,1061241,437293,445037,546106,561142,578249,590820,691290,698346,713504,776968,863764,938658,970239 CVE References: CVE-2014-9939,CVE-2017-12448,CVE-2017-12450,CVE-2017-12452,CVE-2017-12453,CVE-2017-12454,CVE-2017-12456,CVE-2017-12799,CVE-2017-13757,CVE-2017-14128,CVE-2017-14129,CVE-2017-14130,CVE-2017-14333,CVE-2017-14529,CVE-2017-14729,CVE-2017-14745,CVE-2017-14974,CVE-2017-6965,CVE-2017-6966,CVE-2017-6969,CVE-2017-7209,CVE-2017-7210,CVE-2017-7223,CVE-2017-7224,CVE-2017-7225,CVE-2017-7226,CVE-2017-7227,CVE-2017-7299,CVE-2017-7300,CVE-2017-7301,CVE-2017-7302,CVE-2017-7303,CVE-2017-7304,CVE-2017-7614,CVE-2017-8392,CVE-2017-8393,CVE-2017-8394,CVE-2017-8395,CVE-2017-8396,CVE-2017-8397,CVE-2017-8398,CVE-2017-8421,CVE-2017-9038,CVE-2017-9039,CVE-2017-9040,CVE-2017-9041,CVE-2017-9042,CVE-2017-9043,CVE-2017-9044,CVE-2017-9746,CVE-2017-9747,CVE-2017-9748,CVE-2017-9750,CVE-2017-9755,CVE-2017-9756,CVE-2017-9954,CVE-2017-9955 Sources used: openSUSE Leap 42.3 (src): binutils-2.29.1-13.1, cross-aarch64-binutils-2.29.1-13.1, cross-arm-binutils-2.29.1-13.1, cross-avr-binutils-2.29.1-13.1, cross-hppa-binutils-2.29.1-13.1, cross-hppa64-binutils-2.29.1-13.1, cross-i386-binutils-2.29.1-13.1, cross-ia64-binutils-2.29.1-13.1, cross-m68k-binutils-2.29.1-13.1, cross-mips-binutils-2.29.1-13.1, cross-ppc-binutils-2.29.1-13.1, cross-ppc64-binutils-2.29.1-13.1, cross-ppc64le-binutils-2.29.1-13.1, cross-s390-binutils-2.29.1-13.1, cross-s390x-binutils-2.29.1-13.1, cross-sparc-binutils-2.29.1-13.1, cross-sparc64-binutils-2.29.1-13.1, cross-spu-binutils-2.29.1-13.1, cross-x86_64-binutils-2.29.1-13.1 openSUSE Leap 42.2 (src): binutils-2.29.1-9.6.1, cross-aarch64-binutils-2.29.1-9.6.1, cross-arm-binutils-2.29.1-9.6.1, cross-avr-binutils-2.29.1-9.6.1, cross-hppa-binutils-2.29.1-9.6.1, cross-hppa64-binutils-2.29.1-9.6.1, cross-i386-binutils-2.29.1-9.6.1, cross-ia64-binutils-2.29.1-9.6.1, cross-m68k-binutils-2.29.1-9.6.1, cross-mips-binutils-2.29.1-9.6.1, cross-ppc-binutils-2.29.1-9.6.1, cross-ppc64-binutils-2.29.1-9.6.1, cross-ppc64le-binutils-2.29.1-9.6.1, cross-s390-binutils-2.29.1-9.6.1, cross-s390x-binutils-2.29.1-9.6.1, cross-sparc-binutils-2.29.1-9.6.1, cross-sparc64-binutils-2.29.1-9.6.1, cross-spu-binutils-2.29.1-9.6.1, cross-x86_64-binutils-2.29.1-9.6.1