Bug 1162666 – CVE-2014-8738 binutils: out of bounds memory write

Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.

Bug 1162666 - (CVE-2014-8738) CVE-2014-8738 binutils: out of bounds memory write

Summary:	CVE-2014-8738 binutils: out of bounds memory write

Status:	NEW

Aliases:	CVE-2014-8738

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	low Severity low
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	impact=low,public=20141102,reported=2...
Keywords:	Security

Depends On:	1162675 1162669 1162670 1162671 1162672 1162673 1162674 1162676 1162678 1168281 1168302 1172710
Blocks:	1156276 1210268
	Show dependency tree / graph

Reported:	2014-11-11 07:52 EST by Vasyl Kaigorodov
Modified:	2017-01-20 04:41 EST (History)
CC List:	25 users (show)

See Also:
Fixed In Version:	binutils-2.23.52.0.1-55.el7
Doc Type:	Bug Fix
Doc Text:	A heap-based buffer overflow flaw was found in the way certain binutils utilities processed archive files. If a user were tricked into processing a specially crafted archive file, it could cause the utility used to process that archive to crash or, potentially, execute arbitrary code with the privileges of the user running that utility.
Story Points:	---
Clone Of:
Environment:
Last Closed:
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Imported for for PR 17533 (6.11 KB, patch) 2014-11-13 07:00 EST, Nick Clifton	no flags	Details \| Diff
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2015:2079	normal	SHIPPED_LIVE	Moderate: binutils security, bug fix, and enhancement update	2015-11-19 02:41:11 EST

Groups: None (edit)

Description Vasyl Kaigorodov 2014-11-11 07:52:56 EST

It was reported [1] that objdump will try to overwrite part of memory when processing a crafted "ar" archive file.
Upstream patch for this is at [2].
Reproducer is available in https://sourceware.org/bugzilla/show_bug.cgi?id=17533#c0

[1]: https://sourceware.org/bugzilla/show_bug.cgi?id=17533
[2]: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bb0d867169d7e9743d229804106a8fbcab7f3b3f

Comment 1 Vasyl Kaigorodov 2014-11-11 07:55:55 EST

Created mingw-binutils tracking bugs for this issue:

Affects: fedora-all [bug 1162673]
Affects: epel-all [bug 1162678]

Comment 2 Vasyl Kaigorodov 2014-11-11 07:56:00 EST

Created avr-binutils tracking bugs for this issue:

Affects: fedora-all [bug 1162670]
Affects: epel-all [bug 1162675]

Comment 3 Vasyl Kaigorodov 2014-11-11 07:56:03 EST

Created arm-none-eabi-binutils-cs tracking bugs for this issue:

Affects: fedora-all [bug 1162669]

Comment 4 Vasyl Kaigorodov 2014-11-11 07:56:06 EST

Created msp430-binutils tracking bugs for this issue:

Affects: fedora-all [bug 1162674]

Comment 5 Vasyl Kaigorodov 2014-11-11 07:56:09 EST

Created cross-binutils tracking bugs for this issue:

Affects: fedora-all [bug 1162672]
Affects: epel-all [bug 1162676]

Comment 6 Vasyl Kaigorodov 2014-11-11 07:56:12 EST

Created binutils tracking bugs for this issue:

Affects: fedora-all [bug 1162671]

Comment 7 Nick Clifton 2014-11-13 07:00:27 EST

Created attachment 957153 [details]
Imported for for PR 17533

Comment 8 Nick Clifton 2014-11-13 07:02:49 EST

Fixed in: binutils-2.24-29.fc22

I have applied a patch (uploaded to this BZ) to the rawhide binutils.  It is derived from the patches created for PR 17533, adapted to work with the rawhide sources.

Ideally the patch will soon be redundant, as rawhide should be switching over to the 2.25 binutils release, once that actually happens.  2.25 already contains this patch.

Comment 9 Vasyl Kaigorodov 2014-11-26 10:11:57 EST

Statement:

Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

Comment 11 Fedora Update System 2014-12-05 21:37:24 EST

arm-none-eabi-binutils-cs-2014.05.28-3.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 12 Fedora Update System 2014-12-05 21:40:52 EST

avr-binutils-2.24-3.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 13 Fedora Update System 2014-12-06 05:04:44 EST

avr-binutils-2.24-4.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 14 Fedora Update System 2014-12-06 05:09:29 EST

arm-none-eabi-binutils-cs-2014.05.28-3.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 15 Fedora Update System 2014-12-06 23:38:09 EST

avr-binutils-2.24-3.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 16 Fedora Update System 2014-12-06 23:39:50 EST

arm-none-eabi-binutils-cs-2014.05.28-3.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 18 Fedora Update System 2015-01-21 18:07:06 EST

binutils-2.24-30.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 19 Vasyl Kaigorodov 2015-05-13 06:04:23 EDT

Reproducer is available in https://sourceware.org/bugzilla/show_bug.cgi?id=17533#c0

Comment 21 Fedora Update System 2015-10-02 18:25:27 EDT

cross-binutils-2.23.88.0.1-2.el7.1 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.

Comment 22 Fedora Update System 2015-10-02 19:23:51 EDT

cross-binutils-2.23.51.0.3-1.el6.1 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.

Comment 23 Nick Clifton 2015-10-13 10:59:28 EDT

I have checked in an updated patch for this issue.  The previous version of the patch was missing a delta, which effectively made it useless.  The new version is available in: binutils-2.23.52.0.1-55.el7

Comment 24 Nick Clifton 2015-10-13 11:07:47 EDT

oops - I should not have changed this BZ, sorry...

Comment 25 errata-xmlrpc 2015-11-18 22:33:54 EST

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:2079 https://rhn.redhat.com/errata/RHSA-2015-2079.html

Note You need to log in before you can comment on or make changes to this bug.

bgollahe
carnil
dan
dhowells
erik-fedora
fedora-mingw
jakub
jrusnack
kalevlember
kanderso
law
lkocman
lkundrak
mhlavink
mnewsome
mprchlik
nickc
ohudlick
pfrankli
rjones
rob
slawomir
swhiteho
thibault.north
trond.danielsen