Bugzilla – Bug 903655
VUL-0: CVE-2014-8501: binutils: Multiple memory corruption issues in binary parsers of libbfd
Last modified: 2016-02-05 03:35:35 UTC
Created attachment 612163
file segfaulting strings

Multiple issues were discovered in binutils.

Attached is one file that segfaults strings on OpenSUSE 13.1 and SLES 11 SP3.

To make our process faster and better we need you to provide the information for each maintained product where it is currently missing:

Affected            | binutils |
====================|==========|
sled11-sp3          | y        |
sles10-sp3-teradata | ?        |
sles11-sp1-teradata | ?        |
sles11-sp3          | y        |

Please also consider OpenSUSE (12.3, 13.1, Factory)

If you are in doubt about certain code sequences being vulnerable, we will assist you.

CVE listing:

> a crasher in the PE parser, I don't know if this is the same one, but
> I reported it upstream:
> https://sourceware.org/bugzilla/show_bug.cgi?id=17512
>
> As this is a write to uninitialized memory it seems to me a CVE is
> deserved.
>
> https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e1e19887abd24aeb15066b141cdff5541e0ec8e

Use CVE-2014-8501 for the 7e1e19887abd24aeb15066b141cdff5541e0ec8e issue.

> https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c16
>
> Seems to be different from the previous crasher.
>
> https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c17
>
> objdump-pe-crasher2 gives a heap overflow

Use CVE-2014-8502 for the objdump-pe-crasher2 issue.

> https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c33
> https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c34

Use CVE-2014-8503 for this ihex parser issue.

> http://openwall.com/lists/oss-security/2014/10/27/4
> http://openwall.com/lists/oss-security/2014/10/27/5
> https://sourceware.org/bugzilla/show_bug.cgi?id=17510#c7
> https://sourceware.org/bugzilla/show_bug.cgi?id=17510#c8

Use CVE-2014-8504 for this srec_scan issue.
References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8504
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8501
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8502
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8503
http://seclists.org/oss-sec/2014/q4/482
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-8504.html
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-8501.html
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-8502.html
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-8503.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8503
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8504
http://openwall.com/lists/oss-security/2014/10/27/2
Micha already handles the other one.
But I'll wait a bit until the brouhaha calms down a bit. With everybody now jumping with fuzzers on strings some more bugs will probably turn up. Silly guys.
bugbot adjusting priority
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2014-11-24. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/59612
That is because the problem caused by this specific testcase wasn't actually fixed during the brouhaha time but a bit before and wasn't included in my git commit list. Specifically bd25671c6f202c4a5108883caa2adb24ff6f361f is missing :-/ I need to redo the update.
MR 48582 for SLE12
SR 48584 for SLE11-SP3
SUSE-SU-2015:0152-1: An update that fixes 8 vulnerabilities is now available.

Category: security (moderate)
Bug References: 902676,902677,903655,905735,905736
CVE References: CVE-2014-8484,CVE-2014-8485,CVE-2014-8501,CVE-2014-8502,CVE-2014-8503,CVE-2014-8504,CVE-2014-8737,CVE-2014-8738
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src): binutils-2.24-7.1, cross-ppc-binutils-2.24-7.1, cross-spu-binutils-2.24-7.1
SUSE Linux Enterprise Server 12 (src): binutils-2.24-7.1
SUSE Linux Enterprise Desktop 12 (src): binutils-2.24-7.1
SUSE-SU-2015:0168-1: An update that fixes 8 vulnerabilities is now available.

Category: security (moderate)
Bug References: 902676,902677,903655,905735,905736
CVE References: CVE-2014-8484,CVE-2014-8485,CVE-2014-8501,CVE-2014-8502,CVE-2014-8503,CVE-2014-8504,CVE-2014-8737,CVE-2014-8738
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src): binutils-2.23.1-0.23.15, cross-ppc-binutils-2.23.1-0.23.2, cross-spu-binutils-2.23.1-0.23.2
SUSE Linux Enterprise Server 11 SP3 for VMware (src): binutils-2.23.1-0.23.15
SUSE Linux Enterprise Server 11 SP3 (src): binutils-2.23.1-0.23.15
SUSE Linux Enterprise Desktop 11 SP3 (src): binutils-2.23.1-0.23.15
I think we are through.
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2015-12-30. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/62377
Guys, was the SLES 11SP1 also affected by this issue?