Bug 1739490 (CVE-2019-14250)
Summary: | CVE-2019-14250 binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow |
---|---|
Product: | [Other] Security Response |
Component: | vulnerability |
Status: | CLOSED ERRATA |
Severity: | low |
Priority: | low |
Version: | unspecified |
Hardware: | All |
OS: | Linux |
Reporter: | Marian Rehak <mrehak> |
Assignee: | Red Hat Product Security <security-response-team> |
CC: | ahajkova, avi.kivity, davejohansen, dmalcolm, dvlasenk, fweimer, jakub, jwakely, mbenatto, mcermak, mnewsome, mpolacek, mprchlik, msebor, nickc, ohudlick, security-response-team, trupti_pardeshi |
Keywords: | Security |
Last Closed: | 2021-10-27 10:47:40 UTC |
Bug Depends On: | 1739491, 1744174, 1744175, 1744176, 1744177, 1744178, 1744179, 1744182, 1744183, 1744192 |
Bug Blocks: | 1739492 |

Description
Marian Rehak
2019-08-09 12:41:38 UTC
Created binutils tracking bugs for this issue:

Affects: fedora-all [bug 1739491]

Upstream patch for gcc:

https://gcc.gnu.org/viewcvs/gcc/branches/gcc-8-branch/libiberty/simple-object-elf.c?view=patch&r1=273794&r2=273793&pathrev=273794

upstream commit for binutils:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=f211b8c0b91fc7b1657079a495f05a9a4d957821

On the binutils scenario the patch synchronizes with gcc mainline so it includes much more changes than we might expect. The changelog entry for that on the commit message is:

* simple-object-elf.c (simple_object_elf_match): Check zero value shstrndx.

This fixes a Bug 90924.

Created gcc tracking bugs for this issue:

Affects: fedora-all [bug 1744192]

Statement:

This issue resides on libiberty code, libiberty is part of GNU project and contains several utilities being distributed by gcc and binutils packages. This flaw affects binutils versions as shipped with Red Hat Enterprise Linux 5, 6, 7 and 8 and also gcc versions as shipped with Red Hat Enterprise Linux 5, 6, 7 and 8. Versions of gcc shipped with Red Hat Developers Tool Set 7 and 8 are also affected. This flaw was scored with 'Low' security impact for both binutils and gcc packages by Red Hat Product Security Team.

When reading ELF files libiberty parses the ELF structure to load its sections on memory. A crafted ELF file with invalid Section Header index leads to buffer overflow at simple_object_elf_find_sections() due to the lack of input validation. The overflow may lead to memory corruption and further out-of-bounds read causing DoS.

Can someone please update on whether this defect will be fixed in gcc of RHEL 5 and RHEL 6? And if yes, in which gcc version? Any heads up are appreciated. Thanks in advance.

Best Regards,

(In reply to Trupti Pardeshi from comment #14)
> Can someone please update on whether this defect will be fixed in gcc of
> RHEL 5 and RHEL 6? And if yes, in which gcc version?

Yes they are affected. (Although to be clear it is the binutils packages in RHEL 5 and RHEL 6 which are most affected by the problem. The bug is in the libiberty library which is maintained as part of the GCC project, but which is used extensively by the binutils project).

Currently there are no plans to fix the bug in RHEL 5 or RHEL 6.

The bug is fixed however in the Developer Toolset 9 release of the binutils which is available for RHEL 6.

(In reply to Nick Clifton from comment #15)
> (In reply to Trupti Pardeshi from comment #14)
> > Can someone please update on whether this defect will be fixed in gcc of
> > RHEL 5 and RHEL 6? And if yes, in which gcc version?
>
> Yes they are affected. (Although to be clear it is the binutils packages in
> RHEL 5 and RHEL 6 which are most affected by the problem. The bug is in the
> libiberty library which is maintained as part of the GCC project, but which
> is used extensively by the binutils project).
>
> Currently there are no plans to fix the bug in RHEL 5 or RHEL 6.
>
> The bug is fixed however in the Developer Toolset 9 release of the binutils
> which is available for RHEL 6.

Thank you so much Nick for prompt and clear reply.

PS: Just a kind thought that if GCC of RHEL 5 and RHEL 6 are affected, then those aren't they mentioned in affected packages.

https://access.redhat.com/security/cve/cve-2019-14250
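
The input validation that the Statement above describes as missing, written out as an added example (it is not the libiberty patch or any project's code): a check on an ELF64 header that rejects a zero or out-of-range `e_shstrndx`, and a section header table that runs past the end of the file, before any offset is computed from those fields. The function names, the result enum and the sample header are constructed for illustration, and the wrap-around noted in the comment assumes a reader that indexes section headers as `(shstrndx - 1) * entsize`.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Header fields that locate the section header table (ELF64 file header). */
struct shdr_loc { uint64_t e_shoff; uint16_t e_shentsize, e_shnum, e_shstrndx; };
enum elf_check { ELF_OK, ELF_TRUNCATED, ELF_BAD_MAGIC, ELF_BAD_SHSTRNDX, ELF_BAD_TABLE };

static uint16_t rd16le(const unsigned char *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint64_t rd64le(const unsigned char *p) {
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--) v = (v << 8) | p[i];
    return v;
}

/* Validate a little-endian ELF64 header before deriving any offset from e_shstrndx.
   Extended numbering (SHN_XINDEX, e_shnum == 0) is not handled and is rejected. */
enum elf_check check_elf64_shstrndx(const unsigned char *buf, size_t len, struct shdr_loc *out) {
    if (len < 64) return ELF_TRUNCATED;
    if (memcmp(buf, "\177ELF", 4) != 0 || buf[4] != 2 || buf[5] != 1) return ELF_BAD_MAGIC;
    out->e_shoff = rd64le(buf + 0x28);
    out->e_shentsize = rd16le(buf + 0x3A);
    out->e_shnum = rd16le(buf + 0x3C);
    out->e_shstrndx = rd16le(buf + 0x3E);
    /* Index 0 is the null section. Assumed reader: (0 - 1) * entsize wraps when unsigned. */
    if (out->e_shstrndx == 0 || out->e_shstrndx >= out->e_shnum) return ELF_BAD_SHSTRNDX;
    if (out->e_shentsize < 64) return ELF_BAD_TABLE;
    /* The whole table must lie inside the file; subtract rather than add to avoid overflow. */
    uint64_t table = (uint64_t)out->e_shnum * out->e_shentsize;
    if (out->e_shoff > len || table > len - out->e_shoff) return ELF_BAD_TABLE;
    return ELF_OK;
}

/* Constructed sample: 64-byte header followed by room for four 64-byte section headers. */
enum elf_check check_sample(uint16_t shnum, uint16_t shstrndx) {
    unsigned char buf[64 + 4 * 64] = {0};
    struct shdr_loc loc;
    memcpy(buf, "\177ELF", 4);
    buf[4] = 2; buf[5] = 1;               /* ELFCLASS64, ELFDATA2LSB */
    buf[0x28] = 64; buf[0x3A] = 64;       /* e_shoff = 64, e_shentsize = 64 */
    buf[0x3C] = shnum & 0xff;    buf[0x3D] = shnum >> 8;
    buf[0x3E] = shstrndx & 0xff; buf[0x3F] = shstrndx >> 8;
    return check_elf64_shstrndx(buf, sizeof buf, &loc);
}

int main(void) {
    printf("valid=%d zero=%d past_end=%d\n", check_sample(3, 2), check_sample(3, 0), check_sample(3, 3));
    return 0;
}
```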