[kirkstone,08/15] binutils : Fix CVE-2023-1972

Message ID	d46891efa23932a048f7cc4d82c6387e03262f76.1683386547.git.steve@sakoman.com
State	New, archived
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.210.181, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 08/15] binutils : Fix CVE-2023-1972 Date: Sat, 6 May 2023 05:24:38 -1000 Message-Id: <d46891efa23932a048f7cc4d82c6387e03262f76.1683386547.git.steve@sakoman.com> In-Reply-To: <cover.1683386547.git.steve@sakoman.com> References: <cover.1683386547.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[kirkstone,01/15] ffmpeg: fix for CVE-2022-48434 \| expand [kirkstone,01/15] ffmpeg: fix for CVE-2022-48434 [kirkstone,02/15] connman: fix CVE-2023-28488 DoS in client.c [kirkstone,03/15] freetype: fix CVE-2023-2004 integer overflowin in tt_hvadvance_adjust() in src/tr… [kirkstone,04/15] go: fix CVE-2023-24534 denial of service from excessive memory allocation [kirkstone,05/15] go: Security fix for CVE-2023-24538 [kirkstone,06/15] binutils : Fix CVE-2023-25584 [kirkstone,07/15] binutils : Fix CVE-2023-25585 [kirkstone,08/15] binutils : Fix CVE-2023-1972 [kirkstone,09/15] binutils : Fix CVE-2023-25588 [kirkstone,10/15] webkitgtk: fix CVE-2022-32888 & CVE-2022-32923 [kirkstone,11/15] python3-cryptography: fix for CVE-2023-23931 [kirkstone,12/15] wic/bootimg-efi: if fixed-size is set then use that for mkdosfs [kirkstone,13/15] kernel-devicetree: allow specification of dtb directory [kirkstone,14/15] libbsd: Add correct license for all packages [kirkstone,15/15] run-postinsts: Set dependency for ldconfig to avoid boot issues

Message ID

d46891efa23932a048f7cc4d82c6387e03262f76.1683386547.git.steve@sakoman.com

State

New, archived

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 08/15] binutils : Fix CVE-2023-1972
Date: Sat,  6 May 2023 05:24:38 -1000
Message-Id: 
 <d46891efa23932a048f7cc4d82c6387e03262f76.1683386547.git.steve@sakoman.com>
In-Reply-To: <cover.1683386547.git.steve@sakoman.com>
References: <cover.1683386547.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[kirkstone,01/15] ffmpeg: fix for CVE-2022-48434 | expand

Commit Message

Steve Sakoman May 6, 2023, 3:24 p.m. UTC

From: Deepthi Hemraj <deepadeepthi98@gmail.com>

Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57]

Signed-off-by: Deepthi Hemraj <deepadeepthi98@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../binutils/binutils-2.38.inc                |  1 +
 .../binutils/0026-CVE-2023-1972.patch         | 41 +++++++++++++++++++
 2 files changed, 42 insertions(+)
 create mode 100644 meta/recipes-devtools/binutils/binutils/0026-CVE-2023-1972.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc
index 408b503644..1ea17990c8 100644
--- a/meta/recipes-devtools/binutils/binutils-2.38.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -54,5 +54,6 @@  SRC_URI = "\
      file://0022-CVE-2023-25584-2.patch \
      file://0022-CVE-2023-25584-3.patch \
      file://0023-CVE-2023-25585.patch \
+     file://0026-CVE-2023-1972.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/0026-CVE-2023-1972.patch b/meta/recipes-devtools/binutils/binutils/0026-CVE-2023-1972.patch
new file mode 100644
index 0000000000..f86adad217
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0026-CVE-2023-1972.patch
@@ -0,0 +1,41 @@ 
+From: Nick Clifton <nickc@redhat.com>
+Date: Thu, 30 Mar 2023 09:10:09 +0000 (+0100)
+Subject: Fix an illegal memory access when an accessing a zer0-lengthverdef table.
+X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57
+
+Fix an illegal memory access when an accessing a zer0-lengthverdef table.
+
+  PR 30285
+  * elf.c (_bfd_elf_slurp_version_tables): Fail if no version definitions are allocated.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57]
+
+CVE: CVE-2023-1972
+
+Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
+
+---
+
+diff --git a/bfd/elf.c b/bfd/elf.c
+index 027d0143735..185028cbd97 100644
+--- a/bfd/elf.c
++++ b/bfd/elf.c
+@@ -9030,6 +9030,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver)
+	  bfd_set_error (bfd_error_file_too_big);
+	  goto error_return_verdef;
+	}
++
++      if (amt == 0)
++	goto error_return_verdef;
+       elf_tdata (abfd)->verdef = (Elf_Internal_Verdef *) bfd_zalloc (abfd, amt);
+       if (elf_tdata (abfd)->verdef == NULL)
+	goto error_return_verdef;
+@@ -9133,6 +9136,8 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver)
+	  bfd_set_error (bfd_error_file_too_big);
+	  goto error_return;
+	}
++      if (amt == 0)
++	goto error_return;
+       elf_tdata (abfd)->verdef = (Elf_Internal_Verdef *) bfd_zalloc (abfd, amt);
+       if (elf_tdata (abfd)->verdef == NULL)
+	goto error_return;

[kirkstone,08/15] binutils : Fix CVE-2023-1972

Commit Message

Patch