From b430795c93173cefd5aec63c949277dba4133c6f Mon Sep 17 00:00:00 2001 From: Nick Clifton Date: Tue, 26 Feb 2019 12:22:14 +0000 Subject: [PATCH] Stop potential illegal memory access when parsing a corrupt MIPS binary. Resolves: #1680676 --- binutils-CVE-2019-9077.patch | 16 ++++++++++++++++ binutils.spec | 10 +++++++++- 2 files changed, 25 insertions(+), 1 deletion(-) create mode 100644 binutils-CVE-2019-9077.patch diff --git a/binutils-CVE-2019-9077.patch b/binutils-CVE-2019-9077.patch new file mode 100644 index 0000000..1790bfa --- /dev/null +++ b/binutils-CVE-2019-9077.patch @@ -0,0 +1,16 @@ +--- binutils.orig/binutils/readelf.c 2019-02-26 11:17:12.414525772 +0000 ++++ binutils-2.31.1/binutils/readelf.c 2019-02-26 12:11:40.642876742 +0000 +@@ -16009,6 +16009,13 @@ process_mips_specific (Filedata * fileda + return FALSE; + } + ++ /* PR 24243 */ ++ if (sect->sh_size < sizeof (* eopt)) ++ { ++ error (_("The MIPS options section is too small.\n")); ++ return FALSE; ++ } ++ + eopt = (Elf_External_Options *) get_data (NULL, filedata, options_offset, 1, + sect->sh_size, _("options")); + if (eopt) diff --git a/binutils.spec b/binutils.spec index 0790e00..cab8998 100644 --- a/binutils.spec +++ b/binutils.spec @@ -75,7 +75,7 @@ Summary: A GNU collection of binary utilities Name: %{?cross}binutils%{?_with_debug:-debug} Version: 2.32 -Release: 5%{?dist} +Release: 6%{?dist} License: GPLv3+ URL: https://sourceware.org/binutils @@ -184,6 +184,10 @@ Patch15: binutils-CVE-2019-9074.patch # Lifetime: Fixed in 2.33 Patch16: binutils-CVE-2019-9075.patch +# Purpose: Stop illegal memory access parsing a corrupt MIPS binary. +# Lifetime: Fixed in 2.33 +Patch17: binutils-CVE-2019-9077.patch + #---------------------------------------------------------------------------- Provides: bundled(libiberty) @@ -318,6 +322,7 @@ using libelf instead of BFD. %patch14 -p1 %patch15 -p1 %patch16 -p1 +%patch17 -p1 # We cannot run autotools as there is an exact requirement of autoconf-2.59. # FIXME - this is no longer true. Maybe try reinstating autotool use ? @@ -719,6 +724,9 @@ exit 0 #---------------------------------------------------------------------------- %changelog +* Tue Feb 26 2019 Nick Clifton - 2.32-6 +- Stop potential illegal memory access when parsing a corrupt MIPS binary. (#1680676) + * Tue Feb 26 2019 Nick Clifton - 2.32-5 - Stop potential illegal memory access when parsing corrupt archives. (#1680670)