binutils: CVE-2017-7614

Related Vulnerabilities: CVE-2017-7614  

Debian Bug report logs - #859989

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Mon, 10 Apr 2017 04:24:01 UTC

Severity: normal

Tags: patch, security, upstream

Found in version binutils/2.28-3

Fixed in version binutils/2.28-4

Done: Matthias Klose <doko@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Matthias Klose <doko@debian.org>:
Bug#859989; Package src:binutils. (Mon, 10 Apr 2017 04:24:03 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Matthias Klose <doko@debian.org>. (Mon, 10 Apr 2017 04:24:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: binutils: CVE-2017-7614
Date: Mon, 10 Apr 2017 06:20:52 +0200
Source: binutils
Version: 2.28-3
Severity: normal
Tags: patch upstream security

Hi,

the following vulnerability was published for binutils.

CVE-2017-7614[0]:
| elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as
| distributed in GNU Binutils 2.28, has a "member access within null
| pointer" undefined behavior issue, which might allow remote attackers
| to cause a denial of service (application crash) or possibly have
| unspecified other impact via an "int main() {return 0;}" program.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-7614
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7614
[1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=ad32986fdf9da1c8748e47b8b45100398223dba8

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Reply sent to Matthias Klose <doko@debian.org>:
You have taken responsibility. (Tue, 18 Apr 2017 03:09:04 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Tue, 18 Apr 2017 03:09:04 GMT)


Message #10 received at 859989-close@bugs.debian.org:

From: Matthias Klose <doko@debian.org>
To: 859989-close@bugs.debian.org
Subject: Bug#859989: fixed in binutils 2.28-4
Date: Tue, 18 Apr 2017 03:04:26 +0000
Source: binutils
Source-Version: 2.28-4

We believe that the bug you reported is fixed in the latest version of
binutils, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 859989@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthias Klose <doko@debian.org> (supplier of updated binutils package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Tue, 18 Apr 2017 08:08:02 +0630
Source: binutils
Binary: binutils binutils-dev binutils-multiarch binutils-multiarch-dev binutils-hppa64-linux-gnu binutils-doc binutils-source binutils-s390x-linux-gnu binutils-powerpc64le-linux-gnu binutils-powerpc-linux-gnu binutils-aarch64-linux-gnu binutils-arm-linux-gnueabihf binutils-arm-linux-gnueabi binutils-mips-linux-gnu binutils-mipsel-linux-gnu binutils-alpha-linux-gnu binutils-hppa-linux-gnu binutils-m68k-linux-gnu binutils-mips64-linux-gnuabi64 binutils-mips64el-linux-gnuabi64 binutils-powerpc-linux-gnuspe binutils-powerpc64-linux-gnu binutils-sh4-linux-gnu binutils-sparc64-linux-gnu binutils-mips64-linux-gnuabin32 binutils-mips64el-linux-gnuabin32
Architecture: source
Version: 2.28-4
Distribution: unstable
Urgency: medium
Maintainer: Matthias Klose <doko@debian.org>
Changed-By: Matthias Klose <doko@debian.org>
Description:
 binutils   - GNU assembler, linker and binary utilities
 binutils-aarch64-linux-gnu - GNU binary utilities, for aarch64-linux-gnu target
 binutils-alpha-linux-gnu - GNU binary utilities, for alpha-linux-gnu target
 binutils-arm-linux-gnueabi - GNU binary utilities, for arm-linux-gnueabi target
 binutils-arm-linux-gnueabihf - GNU binary utilities, for arm-linux-gnueabihf target
 binutils-dev - GNU binary utilities (BFD development files)
 binutils-doc - Documentation for the GNU assembler, linker and binary utilities
 binutils-hppa-linux-gnu - GNU binary utilities, for hppa-linux-gnu target
 binutils-hppa64-linux-gnu - GNU assembler, linker and binary utilities targeted for hppa64-li
 binutils-m68k-linux-gnu - GNU binary utilities, for m68k-linux-gnu target
 binutils-mips-linux-gnu - GNU binary utilities, for mips-linux-gnu target
 binutils-mips64-linux-gnuabi64 - GNU binary utilities, for mips64-linux-gnuabi64 target
 binutils-mips64-linux-gnuabin32 - GNU binary utilities, for mips64-linux-gnuabin32 target
 binutils-mips64el-linux-gnuabi64 - GNU binary utilities, for mips64el-linux-gnuabi64 target
 binutils-mips64el-linux-gnuabin32 - GNU binary utilities, for mips64el-linux-gnuabin32 target
 binutils-mipsel-linux-gnu - GNU binary utilities, for mipsel-linux-gnu target
 binutils-multiarch - Binary utilities that support multi-arch targets
 binutils-multiarch-dev - GNU binary utilities that support multi-arch targets (BFD develop
 binutils-powerpc-linux-gnu - GNU binary utilities, for powerpc-linux-gnu target
 binutils-powerpc-linux-gnuspe - GNU binary utilities, for powerpc-linux-gnuspe target
 binutils-powerpc64-linux-gnu - GNU binary utilities, for powerpc64-linux-gnu target
 binutils-powerpc64le-linux-gnu - GNU binary utilities, for powerpc64le-linux-gnu target
 binutils-s390x-linux-gnu - GNU binary utilities, for s390x-linux-gnu target
 binutils-sh4-linux-gnu - GNU binary utilities, for sh4-linux-gnu target
 binutils-source - GNU assembler, linker and binary utilities (source)
 binutils-sparc64-linux-gnu - GNU binary utilities, for sparc64-linux-gnu target
Closes: 859989
Changes:
 binutils (2.28-4) unstable; urgency=medium
 .
   * Update, taken from the 2.28 branch 20170418.
     - Fix PR ld/21233: Avoid sweeping forced-undefined symbols in section GC.
     - BFD fix.
     - Fix PR ld/19579, PR ld/21306, link error with PIE on s390x.
   * Fix PR binutils/21342, null pointer dereferences when using a link built
     with clang. Closes: #859989. CVE-2017-7614.




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 12 Jun 2017 07:27:24 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:17:32 2019; Machine Name: buxtehude
