Bug 1162594 (CVE-2014-8502)
| Summary: | CVE-2014-8502 binutils: heap overflow in objdump when parsing a crafted ELF/PE binary file (incomplete fix for CVE-2014-8485) | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Vasyl Kaigorodov <vkaigoro> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | dan, dhowells, erik-fedora, fedora-mingw, jakub, kalevlember, kanderso, law, lkundrak, mhlavink, mnewsome, mprchlik, nickc, nobody+bgollahe, ohudlick, pfrankli, rjones, rob, seceng-idm-qe-list, swhiteho, thibault.north, trond.danielsen |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | binutils 2.25 | Doc Type: | Bug Fix |
| Doc Text: |
It was found that the fix for the CVE-2014-8485 issue was incomplete: a heap-based buffer overflow in the objdump utility could cause it to crash or, potentially, execute arbitrary code with the privileges of the user running objdump when processing specially crafted files.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-06-08 02:35:50 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1162598, 1162599, 1162600, 1162601, 1162602, 1162603, 1162604, 1162605, 1162606, 1168281, 1168302, 1172710 | ||
| Bug Blocks: | 1156276, 1210268 | ||
| Attachments: | |||
|
Description
Vasyl Kaigorodov
2014-11-11 11:20:07 UTC
Created mingw-binutils tracking bugs for this issue: Affects: fedora-all [bug 1162602] Affects: epel-all [bug 1162606] Created avr-binutils tracking bugs for this issue: Affects: fedora-all [bug 1162599] Affects: epel-all [bug 1162604] Created arm-none-eabi-binutils-cs tracking bugs for this issue: Affects: fedora-all [bug 1162598] Created msp430-binutils tracking bugs for this issue: Affects: fedora-all [bug 1162603] Created cross-binutils tracking bugs for this issue: Affects: fedora-all [bug 1162601] Affects: epel-all [bug 1162605] Created binutils tracking bugs for this issue: Affects: fedora-all [bug 1162600] Statement: Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/. arm-none-eabi-binutils-cs-2014.05.28-3.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report. avr-binutils-2.24-3.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report. avr-binutils-2.24-4.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report. arm-none-eabi-binutils-cs-2014.05.28-3.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report. avr-binutils-2.24-3.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report. arm-none-eabi-binutils-cs-2014.05.28-3.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report. Created attachment 1043575 [details] Amalgamted patch to fix all of the bugs referenced by PR 1712#c17 Created attachment 1043578 [details]
Corrupt binary that (used to) crash objdump -x
Created attachment 1043579 [details]
Second corrupt binary that (used to ) crash objdump -x
Created attachment 1043580 [details]
Corrupt ELF binary that (used to) crash objdump -x
I have uploaded a patch to fix this BZ, plus the three corrupt binary files (extracted from PR 17512) that used to trigger the bugs. I am not sure what I should do next. Can someone please advise ? Cheers Nick Nick, I'll walk you through the various process/procedural stuff Monday. Well, I'll probably send you a howto over the weekend, which you can try Monday morning and if there's questions, we can cover them in IRC Monday. This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:2079 https://rhn.redhat.com/errata/RHSA-2015-2079.html |