Bug 1080556 (CVE-2018-6872) - VUL-1: CVE-2018-6872: binutils: out of bounds read in elf_parse_notes function in elf.c file in libbfd library
Summary: VUL-1: CVE-2018-6872: binutils: out of bounds read in elf_parse_notes functio...
Status: RESOLVED WORKSFORME
Alias: CVE-2018-6872
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P4 - Low : Normal
Target Milestone: ---
Assignee: Michael Matz
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/199777/
Whiteboard: CVSSv3:RedHat:CVE-2018-6872:3.3:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2018-02-12 10:21 UTC by Karol Babioch
Modified: 2023-04-06 09:09 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Karol Babioch 2018-02-12 10:21:09 UTC 
rh#1543969

The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD)
library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote
attackers to cause a denial of service (out-of-bounds read and segmentation
violation) via a note with a large alignment.

Upstream fix:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=ef135d4314fd4c2d7da66b9d7b59af4a85b0f7e6

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1543969
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6872
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6872.html
https://sourceware.org/bugzilla/show_bug.cgi?id=22788
Comment 2 Michael Matz 2018-02-13 14:19:41 UTC 
Yes, 2.29 isn't vulnerable, it ignores the section alignment and hard-codes
"4" for it.
Comment 4 Swamp Workflow Management 2018-10-16 19:11:10 UTC 
SUSE-SU-2018:3170-1: An update that solves 25 vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1065643,1065689,1065693,1068640,1068643,1068887,1068888,1068950,1069176,1069202,1075418,1077745,1079103,1079741,1080556,1081527,1083528,1083532,1085784,1086608,1086784,1086786,1086788,1090997,1091015,1091365,1091368
CVE References: CVE-2017-15938,CVE-2017-15939,CVE-2017-15996,CVE-2017-16826,CVE-2017-16827,CVE-2017-16828,CVE-2017-16829,CVE-2017-16830,CVE-2017-16831,CVE-2017-16832,CVE-2018-10372,CVE-2018-10373,CVE-2018-10534,CVE-2018-10535,CVE-2018-6323,CVE-2018-6543,CVE-2018-6759,CVE-2018-6872,CVE-2018-7208,CVE-2018-7568,CVE-2018-7569,CVE-2018-7570,CVE-2018-7642,CVE-2018-7643,CVE-2018-8945
Sources used:
SUSE Linux Enterprise Module for Development Tools 15 (src):    binutils-2.31-6.3.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    binutils-2.31-6.3.1
Comment 5 Swamp Workflow Management 2018-10-18 16:28:05 UTC 
SUSE-SU-2018:3207-2: An update that solves 52 vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1029907,1029908,1029909,1030296,1030297,1030298,1030584,1030585,1030588,1030589,1031590,1031593,1031595,1031638,1031644,1031656,1037052,1037057,1037061,1037066,1037273,1044891,1044897,1044901,1044909,1044925,1044927,1065643,1065689,1065693,1068640,1068643,1068887,1068888,1068950,1069176,1069202,1074741,1077745,1079103,1079741,1080556,1081527,1083528,1083532,1085784,1086608,1086784,1086786,1086788,1090997,1091015,1091365,1091368
CVE References: CVE-2014-9939,CVE-2017-15938,CVE-2017-15939,CVE-2017-15996,CVE-2017-16826,CVE-2017-16827,CVE-2017-16828,CVE-2017-16829,CVE-2017-16830,CVE-2017-16831,CVE-2017-16832,CVE-2017-6965,CVE-2017-6966,CVE-2017-6969,CVE-2017-7209,CVE-2017-7210,CVE-2017-7223,CVE-2017-7224,CVE-2017-7225,CVE-2017-7226,CVE-2017-7299,CVE-2017-7300,CVE-2017-7301,CVE-2017-7302,CVE-2017-7303,CVE-2017-7304,CVE-2017-8392,CVE-2017-8393,CVE-2017-8394,CVE-2017-8396,CVE-2017-8421,CVE-2017-9746,CVE-2017-9747,CVE-2017-9748,CVE-2017-9750,CVE-2017-9755,CVE-2017-9756,CVE-2018-10372,CVE-2018-10373,CVE-2018-10534,CVE-2018-10535,CVE-2018-6323,CVE-2018-6543,CVE-2018-6759,CVE-2018-6872,CVE-2018-7208,CVE-2018-7568,CVE-2018-7569,CVE-2018-7570,CVE-2018-7642,CVE-2018-7643,CVE-2018-8945
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    binutils-2.31-9.26.1
Comment 6 Swamp Workflow Management 2018-10-18 16:59:19 UTC 
openSUSE-SU-2018:3223-1: An update that solves 52 vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1029907,1029908,1029909,1030296,1030297,1030298,1030584,1030585,1030588,1030589,1031590,1031593,1031595,1031638,1031644,1031656,1037052,1037057,1037061,1037066,1037273,1044891,1044897,1044901,1044909,1044925,1044927,1065643,1065689,1065693,1068640,1068643,1068887,1068888,1068950,1069176,1069202,1074741,1077745,1079103,1079741,1080556,1081527,1083528,1083532,1085784,1086608,1086784,1086786,1086788,1090997,1091015,1091365,1091368
CVE References: CVE-2014-9939,CVE-2017-15938,CVE-2017-15939,CVE-2017-15996,CVE-2017-16826,CVE-2017-16827,CVE-2017-16828,CVE-2017-16829,CVE-2017-16830,CVE-2017-16831,CVE-2017-16832,CVE-2017-6965,CVE-2017-6966,CVE-2017-6969,CVE-2017-7209,CVE-2017-7210,CVE-2017-7223,CVE-2017-7224,CVE-2017-7225,CVE-2017-7226,CVE-2017-7299,CVE-2017-7300,CVE-2017-7301,CVE-2017-7302,CVE-2017-7303,CVE-2017-7304,CVE-2017-8392,CVE-2017-8393,CVE-2017-8394,CVE-2017-8396,CVE-2017-8421,CVE-2017-9746,CVE-2017-9747,CVE-2017-9748,CVE-2017-9750,CVE-2017-9755,CVE-2017-9756,CVE-2018-10372,CVE-2018-10373,CVE-2018-10534,CVE-2018-10535,CVE-2018-6323,CVE-2018-6543,CVE-2018-6759,CVE-2018-6872,CVE-2018-7208,CVE-2018-7568,CVE-2018-7569,CVE-2018-7570,CVE-2018-7642,CVE-2018-7643,CVE-2018-8945
Sources used:
openSUSE Leap 42.3 (src):    binutils-2.31-19.1, cross-aarch64-binutils-2.31-19.1, cross-arm-binutils-2.31-19.1, cross-avr-binutils-2.31-19.1, cross-hppa-binutils-2.31-19.1, cross-hppa64-binutils-2.31-19.1, cross-i386-binutils-2.31-19.1, cross-ia64-binutils-2.31-19.1, cross-m68k-binutils-2.31-19.1, cross-mips-binutils-2.31-19.1, cross-ppc-binutils-2.31-19.1, cross-ppc64-binutils-2.31-19.1, cross-ppc64le-binutils-2.31-19.1, cross-s390-binutils-2.31-19.1, cross-s390x-binutils-2.31-19.1, cross-sparc-binutils-2.31-19.1, cross-sparc64-binutils-2.31-19.1, cross-spu-binutils-2.31-19.1, cross-x86_64-binutils-2.31-19.1
Comment 7 Swamp Workflow Management 2018-10-23 13:24:59 UTC 
openSUSE-SU-2018:3323-1: An update that solves 25 vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1065643,1065689,1065693,1068640,1068643,1068887,1068888,1068950,1069176,1069202,1075418,1077745,1079103,1079741,1080556,1081527,1083528,1083532,1085784,1086608,1086784,1086786,1086788,1090997,1091015,1091365,1091368
CVE References: CVE-2017-15938,CVE-2017-15939,CVE-2017-15996,CVE-2017-16826,CVE-2017-16827,CVE-2017-16828,CVE-2017-16829,CVE-2017-16830,CVE-2017-16831,CVE-2017-16832,CVE-2018-10372,CVE-2018-10373,CVE-2018-10534,CVE-2018-10535,CVE-2018-6323,CVE-2018-6543,CVE-2018-6759,CVE-2018-6872,CVE-2018-7208,CVE-2018-7568,CVE-2018-7569,CVE-2018-7570,CVE-2018-7642,CVE-2018-7643,CVE-2018-8945
Sources used:
openSUSE Leap 15.0 (src):    binutils-2.31-lp150.5.3.1, cross-aarch64-binutils-2.31-lp150.5.3.1, cross-arm-binutils-2.31-lp150.5.3.1, cross-avr-binutils-2.31-lp150.5.3.1, cross-epiphany-binutils-2.31-lp150.5.3.1, cross-hppa-binutils-2.31-lp150.5.3.1, cross-hppa64-binutils-2.31-lp150.5.3.1, cross-i386-binutils-2.31-lp150.5.3.1, cross-ia64-binutils-2.31-lp150.5.3.1, cross-m68k-binutils-2.31-lp150.5.3.1, cross-mips-binutils-2.31-lp150.5.3.1, cross-ppc-binutils-2.31-lp150.5.3.1, cross-ppc64-binutils-2.31-lp150.5.3.1, cross-ppc64le-binutils-2.31-lp150.5.3.1, cross-riscv64-binutils-2.31-lp150.5.3.1, cross-rx-binutils-2.31-lp150.5.3.1, cross-s390-binutils-2.31-lp150.5.3.1, cross-s390x-binutils-2.31-lp150.5.3.1, cross-sparc-binutils-2.31-lp150.5.3.1, cross-sparc64-binutils-2.31-lp150.5.3.1, cross-spu-binutils-2.31-lp150.5.3.1
Comment 8 Swamp Workflow Management 2018-10-26 22:13:45 UTC 
SUSE-SU-2018:3170-2: An update that solves 25 vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1065643,1065689,1065693,1068640,1068643,1068887,1068888,1068950,1069176,1069202,1075418,1077745,1079103,1079741,1080556,1081527,1083528,1083532,1085784,1086608,1086784,1086786,1086788,1090997,1091015,1091365,1091368
CVE References: CVE-2017-15938,CVE-2017-15939,CVE-2017-15996,CVE-2017-16826,CVE-2017-16827,CVE-2017-16828,CVE-2017-16829,CVE-2017-16830,CVE-2017-16831,CVE-2017-16832,CVE-2018-10372,CVE-2018-10373,CVE-2018-10534,CVE-2018-10535,CVE-2018-6323,CVE-2018-6543,CVE-2018-6759,CVE-2018-6872,CVE-2018-7208,CVE-2018-7568,CVE-2018-7569,CVE-2018-7570,CVE-2018-7642,CVE-2018-7643,CVE-2018-8945
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    binutils-2.31-6.3.1, cross-arm-binutils-2.31-6.3.1, cross-avr-binutils-2.31-6.3.1, cross-epiphany-binutils-2.31-6.3.1, cross-hppa-binutils-2.31-6.3.1, cross-hppa64-binutils-2.31-6.3.1, cross-i386-binutils-2.31-6.3.1, cross-ia64-binutils-2.31-6.3.1, cross-m68k-binutils-2.31-6.3.1, cross-mips-binutils-2.31-6.3.1, cross-ppc-binutils-2.31-6.3.1, cross-ppc64-binutils-2.31-6.3.1, cross-riscv64-binutils-2.31-6.3.1, cross-rx-binutils-2.31-6.3.1, cross-s390-binutils-2.31-6.3.1, cross-sparc-binutils-2.31-6.3.1, cross-sparc64-binutils-2.31-6.3.1, cross-spu-binutils-2.31-6.3.1