dwarfutils: CVE-2017-9998: SEGV libdwarf/dwarf_leb.c:291 in _dwarf_decode_s_leb128_chk

Related Vulnerabilities: CVE-2017-9998   CVE-2017-9052   CVE-2017-9055   CVE-2017-9053   CVE-2017-9054  

Debian Bug report logs - #866968

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Mon, 3 Jul 2017 05:09:01 UTC

Severity: normal

Tags: security, upstream

Found in version dwarfutils/20170416-2

Fixed in versions dwarfutils/20170416-3, dwarfutils/20161124-1+deb9u1

Done: Fabian Wolff <fabi.wolff@arcor.de>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Fabian Wolff <fabi.wolff@arcor.de>:
Bug#866968; Package src:dwarfutils. (Mon, 03 Jul 2017 05:09:03 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Fabian Wolff <fabi.wolff@arcor.de>. (Mon, 03 Jul 2017 05:09:03 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: dwarfutils: CVE-2017-9998: SEGV libdwarf/dwarf_leb.c:291 in _dwarf_decode_s_leb128_chk
Date: Mon, 03 Jul 2017 07:08:00 +0200
Source: dwarfutils
Version: 20170416-2
Severity: normal
Tags: security upstream

Hi,

the following vulnerability was published for dwarfutils.

CVE-2017-9998[0]:
| The _dwarf_decode_s_leb128_chk function in dwarf_leb.c in libdwarf
| through 2017-06-28 allows remote attackers to cause a denial of service
| (Segmentation fault) via a crafted file.

$~/dwarfutils-20170416# ./dwarfdump/dwarfdump ~/POC1

.debug_info
ASAN:DEADLYSIGNAL
=================================================================
==985==ERROR: AddressSanitizer: SEGV on unknown address 0x60462c598e45 (pc 0x5611cdb92696 bp 0x7ffdcfc1c2a0 sp 0x7ffdcfc1c250 T0)
    #0 0x5611cdb92695 in _dwarf_decode_s_leb128_chk libdwarf/dwarf_leb.c:291
    #1 0x5611cdbc56a6 in _dwarf_get_size_of_val libdwarf/dwarf_util.c:371
    #2 0x5611cdbb941d in _dwarf_get_value_ptr libdwarf/dwarf_query.c:519
    #3 0x5611cdbb9e6c in dwarf_attr libdwarf/dwarf_query.c:614
    #4 0x5611cdb9acab in dwarf_srcfiles dwarf_line.c:326
    #5 0x5611cdb1a770 in print_one_die_section dwarfdump/print_die.c:812
    #6 0x5611cdb18326 in print_infos dwarfdump/print_die.c:371
    #7 0x5611cdb0599e in process_one_file dwarfdump/dwarfdump.c:1293
    #8 0x5611cdb035d7 in main dwarfdump/dwarfdump.c:562
    #9 0x7fa2134172b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
    #10 0x5611cdaffa09 in _start (/home/user/dwarfutils-20170416/dwarfdump/dwarfdump+0x4fa09)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV libdwarf/dwarf_leb.c:291 in _dwarf_decode_s_leb128_chk
==985==ABORTING

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-9998
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9998

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
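
The trace in the report above faults inside libdwarf's signed LEB128 decoder while sizing an attribute value read from a crafted file. As an added illustration (not code from the report, from libdwarf, or from the Debian patch, whose contents this page does not show), here is an offset-based signed LEB128 decoder that validates the cursor against the section length before every read; sleb128_at, LEB_OK/LEB_ERR and the sample bytes are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define LEB_OK   0
#define LEB_ERR -1

/* Hypothetical helper (not libdwarf's API): decode one signed LEB128 value
   that starts at offset `off` of a section of `len` bytes. The offset comes
   from untrusted file data, so it is validated before any byte is read. */
int sleb128_at(const uint8_t *sec, size_t len, size_t off,
               int64_t *val, size_t *used)
{
    uint64_t acc = 0;
    unsigned shift = 0;
    size_t n = 0;
    uint8_t b;

    if (sec == NULL || off >= len)
        return LEB_ERR;               /* cursor is outside the section */
    do {
        if (n >= len - off)
            return LEB_ERR;           /* continuation bit runs past the end */
        if (shift >= 64)
            return LEB_ERR;           /* over-long encoding, more than 10 bytes */
        b = sec[off + n++];
        acc |= (uint64_t)(b & 0x7f) << shift;
        shift += 7;
    } while (b & 0x80);
    if (shift < 64 && (b & 0x40))
        acc |= ~(uint64_t)0 << shift; /* sign-extend from the last data bit */
    *val = (int64_t)acc;
    *used = n;
    return LEB_OK;
}

/* Constructed sample section: 0xff 0x7e encodes -129, followed by a value
   whose continuation bit is still set on the last byte (truncated). */
static const uint8_t sample[] = { 0xff, 0x7e, 0x80, 0x80 };

int main(void)
{
    int64_t v = 0; size_t n = 0;
    int rc = sleb128_at(sample, sizeof sample, 0, &v, &n);
    printf("off 0: rc=%d val=%lld used=%zu\n", rc, (long long)v, n);
    printf("off 2: rc=%d\n", sleb128_at(sample, sizeof sample, 2, &v, &n));
    printf("off 0x1000: rc=%d\n", sleb128_at(sample, sizeof sample, 0x1000, &v, &n));
    return 0;
}
```

Carrying offsets instead of raw pointers means a bad value taken from the file becomes an error return at the bounds check rather than a dereference of an unmapped address.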



Added tag(s) pending. Request was from Fabian Wolff <fabi.wolff@arcor.de> to control@bugs.debian.org. (Wed, 05 Jul 2017 16:21:03 GMT)


Message sent on to Salvatore Bonaccorso <carnil@debian.org>:
Bug#866968. (Wed, 05 Jul 2017 16:21:11 GMT)


Message #10 received at 866968-submitter@bugs.debian.org:

From: Fabian Wolff <fabi.wolff@arcor.de>
To: 866968-submitter@bugs.debian.org
Subject: Bug#866968 marked as pending
Date: Wed, 05 Jul 2017 16:18:40 +0000
tag 866968 pending
thanks

Hello,

Bug #866968 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

    https://anonscm.debian.org/cgit/collab-maint/dwarfutils.git/commit/?id=20d9623

---
commit 20d9623663476cba5fa88842fc00efe138e68e7a
Author: Fabian Wolff <fabi.wolff@arcor.de>
Date:   Wed Jul 5 17:46:22 2017 +0200

    Add patch 02-fix-CVE-2017-9998.patch

diff --git a/debian/changelog b/debian/changelog
index f0ccf1e..2dbb1e3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,8 +2,10 @@ dwarfutils (20170416-3) UNRELEASED; urgency=medium
 
   * Update debian/copyright.
   * Upgrade to Standards-Version 4.0.0 in debian/control (no changes).
+  * Add patch 02-fix-CVE-2017-9998.patch to fix CVE-2017-9998
+    (Closes: #866968).
 
- -- Fabian Wolff <fabi.wolff@arcor.de>  Wed, 05 Jul 2017 15:33:06 +0200
+ -- Fabian Wolff <fabi.wolff@arcor.de>  Wed, 05 Jul 2017 17:43:31 +0200
 
 dwarfutils (20170416-2) unstable; urgency=medium
 
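
Review bot: the two added changelog lines name the patch file and the CVE but not what the patch changes; say which code is hardened (the CVE text on this bug points at _dwarf_decode_s_leb128_chk in dwarf_leb.c) and whether the patch is taken from an upstream commit, so the entry can be audited without opening the patch. Only debian/changelog appears in this diff, so the patch file itself and any debian/patches/series change cannot be checked from what is shown here.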



Reply sent to Fabian Wolff <fabi.wolff@arcor.de>:
You have taken responsibility. (Fri, 07 Jul 2017 20:51:12 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Fri, 07 Jul 2017 20:51:12 GMT)


Message #15 received at 866968-close@bugs.debian.org:

From: Fabian Wolff <fabi.wolff@arcor.de>
To: 866968-close@bugs.debian.org
Subject: Bug#866968: fixed in dwarfutils 20170416-3
Date: Fri, 07 Jul 2017 20:49:00 +0000
Source: dwarfutils
Source-Version: 20170416-3

We believe that the bug you reported is fixed in the latest version of
dwarfutils, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 866968@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Fabian Wolff <fabi.wolff@arcor.de> (supplier of updated dwarfutils package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 07 Jul 2017 14:31:46 +0200
Source: dwarfutils
Binary: dwarfdump libdwarf-dev libdwarf1
Architecture: source
Version: 20170416-3
Distribution: unstable
Urgency: medium
Maintainer: Fabian Wolff <fabi.wolff@arcor.de>
Changed-By: Fabian Wolff <fabi.wolff@arcor.de>
Closes: 866155 866968
Description: 
 dwarfdump  - utility to dump DWARF debug information from ELF objects
 libdwarf1  - library to consume and produce DWARF debug information (runtime)
 libdwarf-dev - library to consume and produce DWARF debug information
Changes:
 dwarfutils (20170416-3) unstable; urgency=medium
 .
   * Update debian/copyright.
   * Upgrade to Standards-Version 4.0.0 in debian/control (no changes).
   * Add patch 02-fix-CVE-2017-9998.patch to fix CVE-2017-9998
     (Closes: #866968).
   * Add override_dh_compress target in debian/rules to make sure the
     upstream changelog is compressed (Closes: #866155).




Reply sent to Fabian Wolff <fabi.wolff@arcor.de>:
You have taken responsibility. (Sat, 15 Jul 2017 22:21:49 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sat, 15 Jul 2017 22:21:49 GMT)


Message #20 received at 866968-close@bugs.debian.org:

From: Fabian Wolff <fabi.wolff@arcor.de>
To: 866968-close@bugs.debian.org
Subject: Bug#866968: fixed in dwarfutils 20161124-1+deb9u1
Date: Sat, 15 Jul 2017 22:17:13 +0000
Source: dwarfutils
Source-Version: 20161124-1+deb9u1

We believe that the bug you reported is fixed in the latest version of
dwarfutils, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 866968@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Fabian Wolff <fabi.wolff@arcor.de> (supplier of updated dwarfutils package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 15 Jul 2017 12:50:56 +0200
Source: dwarfutils
Binary: dwarfdump libdwarf-dev libdwarf1
Architecture: source amd64
Version: 20161124-1+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Fabian Wolff <fabi.wolff@arcor.de>
Changed-By: Fabian Wolff <fabi.wolff@arcor.de>
Description:
 dwarfdump  - utility to dump DWARF debug information from ELF objects
 libdwarf-dev - library to consume and produce DWARF debug information
 libdwarf1  - library to consume and produce DWARF debug information (runtime)
Closes: 864064 866968
Changes:
 dwarfutils (20161124-1+deb9u1) stretch; urgency=medium
 .
   * Add patch 02-fix-CVE-2017-9052.patch to fix CVE-2017-9052 and
     CVE-2017-9055 (Closes: #864064).
   * Add patch 03-fix-CVE-2017-9053.patch to fix CVE-2017-9053.
   * Add patch 04-fix-CVE-2017-9054.patch to fix CVE-2017-9054.
   * Add patch 05-fix-CVE-2017-9998.patch to fix CVE-2017-9998
     (Closes: #866968).




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 13 Aug 2017 07:29:04 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:43:34 2019; Machine Name: beach
