Bug 1483583 (CVE-2017-12459)

Summary: CVE-2017-12459 binutils: out of bounds heap write in bfd_mach_o_read_symtab_strtab function
Product: [Other] Security Response Reporter: Adam Mariš <amaris>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: erik-fedora, fedora-mingw, jakub, klember, ktietz, law, nickc, ohudlick, rjones, sardella, slawomir, yselkowi
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-09-22 12:53:42 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1483603, 1483604, 1483605    
Bug Blocks: 1483587    

Description Adam Mariš 2017-08-21 12:44:15 UTC 
The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the
Binary File Descriptor (BFD) library (aka libbfd), as distributed in
GNU Binutils 2.29 and earlier, allows remote attackers to cause an out
of bounds heap write and possibly achieve code execution via a crafted
mach-o file.

Upstream bug:

https://sourceware.org/bugzilla/show_bug.cgi?id=21840

Upstream patch:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8bdf0be19d2777565a8b1c88347f65d6a4b8c5fc
Comment 1 Adam Mariš 2017-08-21 13:14:23 UTC 
Created binutils tracking bugs for this issue:

Affects: fedora-all [bug 1483604]


Created mingw-binutils tracking bugs for this issue:

Affects: epel-all [bug 1483603]
Affects: fedora-all [bug 1483605]
Comment 2 Pedro Yóssis Silva Barbosa 2017-09-22 12:53:42 UTC 
The issues did not affect Red Hat Enterprise Linux 5, 6, 7 and devtools 4, 6 and 7.
Red Hat does not ship binutils compiled with the --enable-targets=all configuration. Therefore, Product Security Team was not able to reproduce the issues.