Bug 1551771 (CVE-2018-7568)

Summary: CVE-2018-7568 binutils: integer overflow via an ELF file with corrupt dwarf1 debug information in libbfd library
Product: [Other] Security Response Reporter: Laura Pardo <lpardo>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: aoliva, dvlasenk, erik-fedora, fche, jakub, kanderso, klember, ktietz, law, lpardo, mcermak, mnewsome, mpolacek, nickc, ohudlick, rjones, rschiron
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
An integer wraparound has been discovered in the Binary File Descriptor (BFD) library distributed in GNU Binutils up to version 2.30. An attacker could cause a crash by providing an ELF file with corrupted DWARF debug information.
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-08 03:42:21 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1551772, 1551773, 1551774, 1569580, 1569581, 1569582, 1572223    
Bug Blocks: 1551789    

Description Laura Pardo 2018-03-05 23:08:08 UTC
A flaw was found in the parse_die function in dwarf1.c in the Binary File
Descriptor (BFD) library (aka libbfd) as distributed in GNU Binutils up to
version 2.30, when compiled in 32bit mode. This vulnerability allows attackers to cause a denial of service (integer overflow and application crash)
via an ELF file with corrupted dwarf1 debug information.


References:
https://sourceware.org/bugzilla/show_bug.cgi?id=22894

Patch:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=eef104664efb52965d85a28bc3fc7c77e52e48e2

Comment 1 Laura Pardo 2018-03-05 23:08:37 UTC
Created binutils tracking bugs for this issue:

Affects: fedora-all [bug 1551772]


Created mingw-binutils tracking bugs for this issue:

Affects: epel-all [bug 1551774]

Comment 6 errata-xmlrpc 2018-10-30 07:23:27 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:3032 https://access.redhat.com/errata/RHSA-2018:3032