Bug 1059050 - (CVE-2017-14529) VUL-0: CVE-2017-14529: binutils: pe_print_idata function in peXXigen.c allows remote attackers to cause a denial of service
(CVE-2017-14529)
VUL-0: CVE-2017-14529: binutils: pe_print_idata function in peXXigen.c allows...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Michael Matz
Security Team bot
https://smash.suse.de/issue/192134/
CVSSv3:SUSE:CVE-2017-14529:5.3:(AV:N/...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-09-18 06:37 UTC by Alexander Bergmann
Modified: 2019-05-22 00:43 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
QA Reproducer (13.05 KB, application/x-ms-dos-executable)
2017-09-18 06:41 UTC, Alexander Bergmann
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2017-09-18 06:37:41 UTC
CVE-2017-14529

The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD)
library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName
vector entries, which allows remote attackers to cause a denial of service
(heap-based buffer over-read and application crash) via a crafted PE file,
related to the bfd_getl16 function.

Upstream bug:
https://sourceware.org/bugzilla/show_bug.cgi?id=22113

Upstream fix:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4d465c689a8fb27212ef358d0aee89d60dee69a6
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dcaaca89e8618eba35193c27afcb1cfa54f74582

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14529
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14529
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dcaaca89e8618eba35193c27afcb1cfa54f74582
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4d465c689a8fb27212ef358d0aee89d60dee69a6
https://sourceware.org/bugzilla/show_bug.cgi?id=22113
Comment 1 Alexander Bergmann 2017-09-18 06:41:31 UTC
Created attachment 740855 [details]
QA Reproducer

#> valgrind objdump -x -Wl -R -SD objdump_hoobr_bfd_getl16
...
==2880== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
Comment 2 Bernhard Wiedemann 2017-10-04 12:05:39 UTC
This is an autogenerated message for OBS integration:
This bug (1059050) was mentioned in
https://build.opensuse.org/request/show/531177 Factory / binutils
Comment 4 Bernhard Wiedemann 2017-10-05 16:05:25 UTC
This is an autogenerated message for OBS integration:
This bug (1059050) was mentioned in
https://build.opensuse.org/request/show/531786 Factory / binutils
Comment 6 Swamp Workflow Management 2017-12-01 02:16:15 UTC
SUSE-SU-2017:3170-1: An update that solves 57 vulnerabilities and has 18 fixes is now available.

Category: security (moderate)
Bug References: 1003846,1025282,1029907,1029908,1029909,1029995,1030296,1030297,1030298,1030583,1030584,1030585,1030588,1030589,1031590,1031593,1031595,1031638,1031644,1031656,1033122,1037052,1037057,1037061,1037062,1037066,1037070,1037072,1037273,1038874,1038875,1038876,1038877,1038878,1038880,1038881,1044891,1044897,1044901,1044909,1044925,1044927,1046094,1052061,1052496,1052503,1052507,1052509,1052511,1052514,1052518,1053347,1056312,1056437,1057139,1057144,1057149,1058480,1059050,1060599,1060621,1061241,437293,445037,546106,561142,578249,590820,691290,698346,713504,776968,863764,938658,970239
CVE References: CVE-2014-9939,CVE-2017-12448,CVE-2017-12450,CVE-2017-12452,CVE-2017-12453,CVE-2017-12454,CVE-2017-12456,CVE-2017-12799,CVE-2017-13757,CVE-2017-14128,CVE-2017-14129,CVE-2017-14130,CVE-2017-14333,CVE-2017-14529,CVE-2017-14729,CVE-2017-14745,CVE-2017-14974,CVE-2017-6965,CVE-2017-6966,CVE-2017-6969,CVE-2017-7209,CVE-2017-7210,CVE-2017-7223,CVE-2017-7224,CVE-2017-7225,CVE-2017-7226,CVE-2017-7227,CVE-2017-7299,CVE-2017-7300,CVE-2017-7301,CVE-2017-7302,CVE-2017-7303,CVE-2017-7304,CVE-2017-7614,CVE-2017-8392,CVE-2017-8393,CVE-2017-8394,CVE-2017-8395,CVE-2017-8396,CVE-2017-8397,CVE-2017-8398,CVE-2017-8421,CVE-2017-9038,CVE-2017-9039,CVE-2017-9040,CVE-2017-9041,CVE-2017-9042,CVE-2017-9043,CVE-2017-9044,CVE-2017-9746,CVE-2017-9747,CVE-2017-9748,CVE-2017-9750,CVE-2017-9755,CVE-2017-9756,CVE-2017-9954,CVE-2017-9955
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    binutils-2.29.1-9.20.2, cross-ppc-binutils-2.29.1-9.20.2, cross-spu-binutils-2.29.1-9.20.2
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    binutils-2.29.1-9.20.2, cross-ppc-binutils-2.29.1-9.20.2, cross-spu-binutils-2.29.1-9.20.2
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    binutils-2.29.1-9.20.2
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    binutils-2.29.1-9.20.2
SUSE Linux Enterprise Server 12-SP3 (src):    binutils-2.29.1-9.20.2
SUSE Linux Enterprise Server 12-SP2 (src):    binutils-2.29.1-9.20.2
SUSE Linux Enterprise Desktop 12-SP3 (src):    binutils-2.29.1-9.20.2
SUSE Linux Enterprise Desktop 12-SP2 (src):    binutils-2.29.1-9.20.2
OpenStack Cloud Magnum Orchestration 7 (src):    binutils-2.29.1-9.20.2
Comment 7 Swamp Workflow Management 2017-12-02 20:14:12 UTC
openSUSE-SU-2017:3199-1: An update that solves 57 vulnerabilities and has 18 fixes is now available.

Category: security (moderate)
Bug References: 1003846,1025282,1029907,1029908,1029909,1029995,1030296,1030297,1030298,1030583,1030584,1030585,1030588,1030589,1031590,1031593,1031595,1031638,1031644,1031656,1033122,1037052,1037057,1037061,1037062,1037066,1037070,1037072,1037273,1038874,1038875,1038876,1038877,1038878,1038880,1038881,1044891,1044897,1044901,1044909,1044925,1044927,1046094,1052061,1052496,1052503,1052507,1052509,1052511,1052514,1052518,1053347,1056312,1056437,1057139,1057144,1057149,1058480,1059050,1060599,1060621,1061241,437293,445037,546106,561142,578249,590820,691290,698346,713504,776968,863764,938658,970239
CVE References: CVE-2014-9939,CVE-2017-12448,CVE-2017-12450,CVE-2017-12452,CVE-2017-12453,CVE-2017-12454,CVE-2017-12456,CVE-2017-12799,CVE-2017-13757,CVE-2017-14128,CVE-2017-14129,CVE-2017-14130,CVE-2017-14333,CVE-2017-14529,CVE-2017-14729,CVE-2017-14745,CVE-2017-14974,CVE-2017-6965,CVE-2017-6966,CVE-2017-6969,CVE-2017-7209,CVE-2017-7210,CVE-2017-7223,CVE-2017-7224,CVE-2017-7225,CVE-2017-7226,CVE-2017-7227,CVE-2017-7299,CVE-2017-7300,CVE-2017-7301,CVE-2017-7302,CVE-2017-7303,CVE-2017-7304,CVE-2017-7614,CVE-2017-8392,CVE-2017-8393,CVE-2017-8394,CVE-2017-8395,CVE-2017-8396,CVE-2017-8397,CVE-2017-8398,CVE-2017-8421,CVE-2017-9038,CVE-2017-9039,CVE-2017-9040,CVE-2017-9041,CVE-2017-9042,CVE-2017-9043,CVE-2017-9044,CVE-2017-9746,CVE-2017-9747,CVE-2017-9748,CVE-2017-9750,CVE-2017-9755,CVE-2017-9756,CVE-2017-9954,CVE-2017-9955
Sources used:
openSUSE Leap 42.3 (src):    binutils-2.29.1-13.1, cross-aarch64-binutils-2.29.1-13.1, cross-arm-binutils-2.29.1-13.1, cross-avr-binutils-2.29.1-13.1, cross-hppa-binutils-2.29.1-13.1, cross-hppa64-binutils-2.29.1-13.1, cross-i386-binutils-2.29.1-13.1, cross-ia64-binutils-2.29.1-13.1, cross-m68k-binutils-2.29.1-13.1, cross-mips-binutils-2.29.1-13.1, cross-ppc-binutils-2.29.1-13.1, cross-ppc64-binutils-2.29.1-13.1, cross-ppc64le-binutils-2.29.1-13.1, cross-s390-binutils-2.29.1-13.1, cross-s390x-binutils-2.29.1-13.1, cross-sparc-binutils-2.29.1-13.1, cross-sparc64-binutils-2.29.1-13.1, cross-spu-binutils-2.29.1-13.1, cross-x86_64-binutils-2.29.1-13.1
openSUSE Leap 42.2 (src):    binutils-2.29.1-9.6.1, cross-aarch64-binutils-2.29.1-9.6.1, cross-arm-binutils-2.29.1-9.6.1, cross-avr-binutils-2.29.1-9.6.1, cross-hppa-binutils-2.29.1-9.6.1, cross-hppa64-binutils-2.29.1-9.6.1, cross-i386-binutils-2.29.1-9.6.1, cross-ia64-binutils-2.29.1-9.6.1, cross-m68k-binutils-2.29.1-9.6.1, cross-mips-binutils-2.29.1-9.6.1, cross-ppc-binutils-2.29.1-9.6.1, cross-ppc64-binutils-2.29.1-9.6.1, cross-ppc64le-binutils-2.29.1-9.6.1, cross-s390-binutils-2.29.1-9.6.1, cross-s390x-binutils-2.29.1-9.6.1, cross-sparc-binutils-2.29.1-9.6.1, cross-sparc64-binutils-2.29.1-9.6.1, cross-spu-binutils-2.29.1-9.6.1, cross-x86_64-binutils-2.29.1-9.6.1
Comment 8 Swamp Workflow Management 2018-01-09 20:17:53 UTC
SUSE-SU-2018:0053-1: An update that solves 29 vulnerabilities and has 57 fixes is now available.

Category: security (moderate)
Bug References: 1003846,1004995,1009966,1022404,1025282,1025891,1026567,1029907,1029908,1029909,1029995,1030623,1035386,1036619,1039099,1039276,1039513,1040800,1040968,1041090,1043059,1043590,1043883,1043966,1044016,1045472,1045522,1045732,1047178,1047233,1048605,1048861,1050152,1050258,1050487,1052503,1052507,1052509,1052511,1052514,1052518,1053137,1053347,1053595,1053671,1055446,1055641,1055825,1056058,1056312,1056381,1057007,1057139,1057144,1057149,1057188,1057634,1057721,1057724,1058480,1058695,1058783,1059050,1059065,1059075,1059292,1059723,1060599,1060621,1061241,1061384,1062561,1063249,1063269,1064571,1064999,1065363,1066242,1066371,1066500,1066611,1067891,1070878,1070958,1071905,1071906
CVE References: CVE-2014-3710,CVE-2014-8116,CVE-2014-8117,CVE-2014-9620,CVE-2014-9621,CVE-2014-9653,CVE-2017-12448,CVE-2017-12450,CVE-2017-12452,CVE-2017-12453,CVE-2017-12454,CVE-2017-12456,CVE-2017-12799,CVE-2017-12837,CVE-2017-12883,CVE-2017-13757,CVE-2017-14128,CVE-2017-14129,CVE-2017-14130,CVE-2017-14333,CVE-2017-14529,CVE-2017-14729,CVE-2017-14745,CVE-2017-14974,CVE-2017-3735,CVE-2017-3736,CVE-2017-3737,CVE-2017-3738,CVE-2017-6512
Sources used:
SUSE CaaS Platform ALL (src):    sles12-caasp-dex-image-2.0.0-3.3.11, sles12-dnsmasq-nanny-image-2.0.1-2.3.15, sles12-haproxy-image-2.0.1-2.3.16, sles12-kubedns-image-2.0.1-2.3.11, sles12-mariadb-image-2.0.1-2.3.15, sles12-openldap-image-2.0.0-2.3.11, sles12-pause-image-2.0.1-2.3.9, sles12-pv-recycler-node-image-2.0.1-2.3.10, sles12-salt-api-image-2.0.1-2.3.10, sles12-salt-master-image-2.0.1-2.3.10, sles12-salt-minion-image-2.0.1-2.3.14, sles12-sidecar-image-2.0.1-2.3.11, sles12-tiller-image-2.0.0-2.3.11, sles12-velum-image-2.0.1-2.3.13
Comment 9 Johannes Segitz 2018-06-21 12:03:09 UTC
SUSE will not provide a fix for older products for this issue since the risk to our customers posed by this is negligible.