DOCSLIB.ORG

K01152385: Binutils Vulnerabilities CVE-2018-8945, CVE-2018-12697, CVE-2018-12698, CVE-2018-12699, and CVE-2018-12700

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
K01152385: Binutils Vulnerabilities CVE-2018-8945, CVE-2018-12697, CVE-2018-12698, CVE-2018-12699, and CVE-2018-12700 K01152385: Binutils vulnerabilities CVE-2018-8945, CVE-2018-12697, CVE-2018-12698, CVE-2018-12699, and CVE-2018-12700 Security Advisory Original Publication Date: Jul 23, 2018 Update Date: Jul 23, 2018 Security Advisory Description CVE-2018-8945 The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section. CVE-2018-12697 A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump. CVE-2018-12698 demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump. CVE-2018-12699 finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump. CVE-2018-12700 A Stack Exhaustion issue was discovered in debug_write_type in debug.c in GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion. Impact The vulnerability allows remote attackers to cause a denial of service (DoS) on the affected system. Security Advisory Status F5 Product Development has assigned CPF-24951 and CPF-24952 (Traffix) to this vulnerability. To determine if your product and version have been evaluated for this vulnerability, refer to the Applies to (see versions) box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to K51812227: Understanding Security Advisory versioning. Versions Fixes Vulnerable known to CVSSv3 Product Branch introduced Severity component be score1 in or feature vulnerable Not 13.x None BIG-IP (LTM, AAM, AFM, Analytics, applicable APM, ASM, DNS, Edge Gateway, FPS, Not Not 12.x None None None GTM, Link Controller, PEM, applicable vulnerable WebAccelerator) Not 11.x None applicable Not Not ARX 6.x None None None applicable vulnerable Not Not Enterprise Manager 3.x None None None applicable vulnerable Not 6.x None applicable Not Not BIG-IQ Centralized Management 5.x None None None applicable vulnerable Not 4.x None applicable Not Not BIG-IQ Cloud and Orchestration 1.x None None None applicable vulnerable Not Not F5 iWorkflow 2.x None None None applicable vulnerable 5.0.0 - 5.x None Traffix SDC 5.1.0 Low 3.3 BinUtils 4.x 4.4.0 None 1 The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge. Security Advisory Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Fixes introduced in column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists. Mitigation None Supplemental Information K51812227: Understanding Security Advisory versioning K41942608: Overview of Security Advisory articles K4602: Overview of the F5 security vulnerability response policy K9970: Subscribing to email notifications regarding F5 products K9957: Creating a custom RSS feed to view new and updated documents K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems Applies to: Product: BIG-IQ, BIG-IQ Centralized Management 6.0.0, 5.4.0, 5.3.0, 5.2.0, 5.1.0, 5.0.0, 4.6.0 Product: BIG-IP, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG- IP Edge Gateway, BIG-IP FPS, BIG-IP GTM, BIG-IP Link Controller, BIG-IP LTM, BIG-IP PEM, BIG-IP WebAccelerator 13.1.0, 13.0.1, 13.0.0, 12.1.3, 12.1.2, 12.1.1, 12.1.0, 11.6.3, 11.6.2, 11.6.1, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1, 11.2.1 Product: Enterprise Manager 3.1.1 Product: F5 iWorkflow 2.3.0, 2.2.0, 2.1.0 Product: ARX, ARX 6.4.0, 6.3.0, 6.2.0 Product: Traffix SDC 5.1.0, 4.4.0 Product: BIG-IQ Cloud and Orchestration 1.0.0.
Load more

Recommended publications
  • Using the GNU Compiler Collection (GCC)
    Using the GNU Compiler Collection (GCC) Using the GNU Compiler Collection by Richard M. Stallman and the GCC Developer Community Last updated 23 May 2004 for GCC 3.4.6 For GCC Version 3.4.6 Published by: GNU Press Website: www.gnupress.org a division of the General: [email protected] Free Software Foundation Orders: [email protected] 59 Temple Place Suite 330 Tel 617-542-5942 Boston, MA 02111-1307 USA Fax 617-542-2652 Last printed October 2003 for GCC 3.3.1. Printed copies are available for $45 each. Copyright c 1988, 1989, 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with the Invariant Sections being \GNU General Public License" and \Funding Free Software", the Front-Cover texts being (a) (see below), and with the Back-Cover Texts being (b) (see below). A copy of the license is included in the section entitled \GNU Free Documentation License". (a) The FSF's Front-Cover Text is: A GNU Manual (b) The FSF's Back-Cover Text is: You have freedom to copy and modify this GNU Manual, like GNU software. Copies published by the Free Software Foundation raise funds for GNU development. i Short Contents Introduction ...................................... 1 1 Programming Languages Supported by GCC ............ 3 2 Language Standards Supported by GCC ............... 5 3 GCC Command Options .........................
    [Show full text]
  • The GNU Configure and Build System
    The GNU configure and build system Ian Lance Taylor Copyright c 1998 Cygnus Solutions Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are preserved on all copies. Permission is granted to copy and distribute modified versions of this manual under the con- ditions for verbatim copying, provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. Permission is granted to copy and distribute translations of this manual into another lan- guage, under the above conditions for modified versions, except that this permission notice may be stated in a translation approved by the Free Software Foundation. i Table of Contents 1 Introduction ............................... 1 1.1 Goals................................................... 1 1.2 Tools ................................................... 1 1.3 History ................................................. 1 1.4 Building ................................................ 2 2 Getting Started............................ 3 2.1 Write configure.in ....................................... 4 2.2 Write Makefile.am ....................................... 6 2.3 Write acconfig.h......................................... 7 2.4 Generate files ........................................... 8 2.5 Example................................................ 8 2.5.1 First Try....................................... 9 2.5.2 Second Try.................................... 10 2.5.3 Third
    [Show full text]
  • Release 0.11 Todd Gamblin
    Spack Documentation Release 0.11 Todd Gamblin Feb 07, 2018 Basics 1 Feature Overview 3 1.1 Simple package installation.......................................3 1.2 Custom versions & configurations....................................3 1.3 Customize dependencies.........................................4 1.4 Non-destructive installs.........................................4 1.5 Packages can peacefully coexist.....................................4 1.6 Creating packages is easy........................................4 2 Getting Started 7 2.1 Prerequisites...............................................7 2.2 Installation................................................7 2.3 Compiler configuration..........................................9 2.4 Vendor-Specific Compiler Configuration................................ 13 2.5 System Packages............................................. 16 2.6 Utilities Configuration.......................................... 18 2.7 GPG Signing............................................... 20 2.8 Spack on Cray.............................................. 21 3 Basic Usage 25 3.1 Listing available packages........................................ 25 3.2 Installing and uninstalling........................................ 42 3.3 Seeing installed packages........................................ 44 3.4 Specs & dependencies.......................................... 46 3.5 Virtual dependencies........................................... 50 3.6 Extensions & Python support...................................... 53 3.7 Filesystem requirements........................................
    [Show full text]
  • Gnu Libiberty September 2001 for GCC 3
    gnu libiberty September 2001 for GCC 3 Phil Edwards et al. Copyright c 2001 Free Software Foundation, Inc. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover Texts, and with no Back-Cover Texts. A copy of the license is included in the section entitled “GNU Free Documentation License”. i Table of Contents 1 Using ............................................ 1 2 Overview ........................................ 2 2.1 Supplemental Functions ........................................ 2 2.2 Replacement Functions ......................................... 2 2.2.1 Memory Allocation ........................................ 2 2.2.2 Exit Handlers ............................................. 2 2.2.3 Error Reporting ........................................... 2 2.3 Extensions ..................................................... 3 3 Obstacks......................................... 4 3.1 Creating Obstacks.............................................. 4 3.2 Preparing for Using Obstacks................................... 4 3.3 Allocation in an Obstack ....................................... 5 3.4 Freeing Objects in an Obstack.................................. 6 3.5 Obstack Functions and Macros ................................. 7 3.6 Growing Objects ............................................... 8 3.7 Extra Fast Growing Objects ...................................
    [Show full text]
  • Kafl: Hardware-Assisted Feedback Fuzzing for OS Kernels
    kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels Sergej Schumilo1, Cornelius Aschermann1, Robert Gawlik1, Sebastian Schinzel2, Thorsten Holz1 1Ruhr-Universität Bochum, 2Münster University of Applied Sciences Motivation IJG jpeg libjpeg-turbo libpng libtiff mozjpeg PHP Mozilla Firefox Internet Explorer PCRE sqlite OpenSSL LibreOffice poppler freetype GnuTLS GnuPG PuTTY ntpd nginx bash tcpdump JavaScriptCore pdfium ffmpeg libmatroska libarchive ImageMagick BIND QEMU lcms Adobe Flash Oracle BerkeleyDB Android libstagefright iOS ImageIO FLAC audio library libsndfile less lesspipe strings file dpkg rcs systemd-resolved libyaml Info-Zip unzip libtasn1OpenBSD pfctl NetBSD bpf man mandocIDA Pro clamav libxml2glibc clang llvmnasm ctags mutt procmail fontconfig pdksh Qt wavpack OpenSSH redis lua-cmsgpack taglib privoxy perl libxmp radare2 SleuthKit fwknop X.Org exifprobe jhead capnproto Xerces-C metacam djvulibre exiv Linux btrfs Knot DNS curl wpa_supplicant Apple Safari libde265 dnsmasq libbpg lame libwmf uudecode MuPDF imlib2 libraw libbson libsass yara W3C tidy- html5 VLC FreeBSD syscons John the Ripper screen tmux mosh UPX indent openjpeg MMIX OpenMPT rxvt dhcpcd Mozilla NSS Nettle mbed TLS Linux netlink Linux ext4 Linux xfs botan expat Adobe Reader libav libical OpenBSD kernel collectd libidn MatrixSSL jasperMaraDNS w3m Xen OpenH232 irssi cmark OpenCV Malheur gstreamer Tor gdk-pixbuf audiofilezstd lz4 stb cJSON libpcre MySQL gnulib openexr libmad ettercap lrzip freetds Asterisk ytnefraptor mpg123 exempi libgmime pev v8 sed awk make
    [Show full text]
  • Licensing Information User Manual Oracle® ILOM Firmware
    Licensing Information User Manual ® Oracle ILOM Firmware Release 4.0.x Last Updated: December 2019 Part No: E81116-07 December 2019 Licensing Information User Manual Oracle ILOM Firmware Release 4.0.x Part No: E81116-07 Copyright © 2018, 2019, Oracle and/or its affiliates. All rights reserved. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable: U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs.
    [Show full text]
  • Open Source Used in 250350550 Series Switches 2.5.5.X
    Open Source Used In 250350550 series switches 2.5.5.x Cisco Systems, Inc. www.cisco.com Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices. Text Part Number: 78EE117C99-211198338 Open Source Used In 250350550 series switches 2.5.5.x 1 This document contains licenses and notices for open source software used in this product. With respect to the free/open source software listed in this document, if you have any questions or wish to receive a copy of any source code to which you may be entitled under the applicable free/open source license(s) (such as the GNU Lesser/General Public License), please contact us at [email protected]. In your requests please include the following reference number 78EE117C99-211198338 En ce qui a trait au logiciel gratuit ou à exploitation libre figurant dans ce document, si vous avez des questions ou souhaitez recevoir une copie du code source, auquel vous avez droit en vertu des licences gratuites ou d'exploitation libre applicables (telles que licences GNU Lesser/General Public), veuillez communiquer avec nous à l'adresse external- [email protected]. Dans vos demandes, veuillez inclure le numéro de référence 78EE117C99-211198338 Contents 1.1 arp-scan 1.9-40-g69b2f70-1 1.1.1 Available under license 1.2 avahi 0.6.32 1.2.1 Available under license 1.3 BOOST C++ Library 1.58.0 1.3.1 Available under license 1.4 bzip2 1.0.6 1.4.1 Available under license 1.5 curl 7.65.3 1.5.1 Available under
    [Show full text]
  • GNU Tools for E200 Processors Release Notes
    GNU Tools for e200 processors Release Notes Copyright c 2016 Freescale Semiconductor, Inc. Copyright c 2016-2018 NXP Table of Contents 1 Release description ::::::::::::::::::::::::::::: 1 2 What's new ::::::::::::::::::::::::::::::::::::: 2 3 Migration to version 1.2:::::::::::::::::::::::: 3 3.1 Update linker script :::::::::::::::::::::::::::::::::::::::::::: 3 3.2 Change instruction names :::::::::::::::::::::::::::::::::::::: 5 3.3 e200z4 decorated storage instructions ::::::::::::::::::::::::::: 5 4 New features :::::::::::::::::::::::::::::::::::: 6 4.1 Mixed BookE and VLE code assembly and linking :::::::::::::: 6 4.2 BookE to VLE translation:::::::::::::::::::::::::::::::::::::: 6 4.3 LSP intrinsics support:::::::::::::::::::::::::::::::::::::::::: 6 4.4 SPE2 intrinsics support :::::::::::::::::::::::::::::::::::::::: 6 4.5 Generate error for e200z425 errata:::::::::::::::::::::::::::::: 8 4.6 SPR registers support in GDB client ::::::::::::::::::::::::::: 9 5 Known issues :::::::::::::::::::::::::::::::::: 12 6 Release history :::::::::::::::::::::::::::::::: 13 6.1 Version 1.0:::::::::::::::::::::::::::::::::::::::::::::::::::: 14 6.2 Version 1.1:::::::::::::::::::::::::::::::::::::::::::::::::::: 14 6.3 Version 1.1.1 :::::::::::::::::::::::::::::::::::::::::::::::::: 15 6.4 Version 1.1.2 :::::::::::::::::::::::::::::::::::::::::::::::::: 15 6.5 Version 1.1.3 :::::::::::::::::::::::::::::::::::::::::::::::::: 15 6.6 Version 1.2:::::::::::::::::::::::::::::::::::::::::::::::::::: 15 6.7 Version 171017 ::::::::::::::::::::::::::::::::::::::::::::::::
    [Show full text]
  • Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 4
    Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 4 Copyright © 1987, 1989, 1991-2004 Free Software Foundation, Inc. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with the Invariant Sections being "GNU General Public License" and "Funding Free Software", the Front-Cover texts being (a) (see below), and with the Back-Cover Texts being (b) (see below). A copy of the license is included in the section entitled "GNU Free Documentation License". (a) The FSF's Front-Cover Text is: A GNU Manual (b) The FSF's Back-Cover Text is: You have freedom to copy and modify this GNU Manual, like GNU software. Copies published by the Free Software Foundation raise funds for GNU development. For a copy of the GNU General Public License, see http://www.gnu.org/copyleft/gpl.html. This version is by Red Hat, Inc. Red Hat, Inc. 1801 Varsity Drive Raleigh NC 27606-2072 USA Phone: +1 919 754 3700 Phone: 888 733 4281 Fax: +1 919 754 3701 PO Box 13588 Research Triangle Park NC 27709 USA gcc(EN)-4-Print-RHI (2005-02-01) Red Hat and the Red Hat "Shadow Man" logo are registered trademarks of Red Hat, Inc. in the United States and other countries. All other trademarks referenced herein are the property of their respective owners. The GPG fingerprint of the [email protected] key is: CA 20 86 86 2B D6 9D FC 65 F6 EC C4 21 91 80 CD DB 42 A6 0E Table of Contents 1.
    [Show full text]
  • The GNU Configure and Build System
    The GNU configure and build system Ian Lance Taylor Copyright c 1998 Cygnus Solutions Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are preserved on all copies. Permission is granted to copy and distribute modified versions of this manual under the con- ditions for verbatim copying, provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. Permission is granted to copy and distribute translations of this manual into another lan- guage, under the above conditions for modified versions, except that this permission notice may be stated in a translation approved by the Free Software Foundation. Chapter 1: Introduction 1 1 Introduction This document describes the GNU configure and build systems. It describes how autoconf, automake, libtool, and make fit together. It also includes a discussion of the older Cygnus configure system. This document does not describe in detail how to use each of the tools; see the respective manuals for that. Instead, it describes which files the developer must write, which files are machine generated and how they are generated, and where certain common problems should be addressed. This document draws on several sources, including the autoconf manual by David MacKenzie (see section “autoconf overview” in Autoconf ), the automake manual by David MacKenzie and Tom Tromey (see section “automake overview” in GNU Automake), the libtool manual by Gordon Matzigkeit (see section “libtool overview” in GNU libtool), and the Cygnus configure manual by K. Richard Pixley. 1.1 Goals The GNU configure and build system has two main goals.
    [Show full text]
  • Section “Introduction” in Using the GNU Compiler Collection (GCC)
    Using the GNU Compiler Collection (GCC) Using the GNU Compiler Collection by Richard M. Stallman and the GCC Developer Community For GCC Version 4.1.2 Published by: GNU Press Website: www.gnupress.org a division of the General: [email protected] Free Software Foundation Orders: [email protected] 51 Franklin Street, Fifth Floor Tel 617-542-5942 Boston, MA 02110-1301 USA Fax 617-542-2652 Last printed October 2003 for GCC 3.3.1. Printed copies are available for $45 each. Copyright c 1988, 1989, 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with the Invariant Sections being “GNU General Public License” and “Funding Free Software”, the Front-Cover texts being (a) (see below), and with the Back-Cover Texts being (b) (see below). A copy of the license is included in the section entitled “GNU Free Documentation License”. (a) The FSF’s Front-Cover Text is: A GNU Manual (b) The FSF’s Back-Cover Text is: You have freedom to copy and modify this GNU Manual, like GNU software. Copies published by the Free Software Foundation raise funds for GNU development. i Short Contents Introduction ...................................... 1 1 Programming Languages Supported by GCC ............ 3 2 Language Standards Supported by GCC ............... 5 3 GCC Command Options .......................... 7 4 C Implementation-defined behavior ................. 205 5 Extensions to the C Language Family ...............
    [Show full text]
  • Free Software Notice
    Dear Customer / To Whom It May Concern, You may have received from Cisco-Linksys LLC, a wholly-owned subsidiary of Cisco Systems, Inc., certain products that contained – in part – some free software (software licensed in a way that ensures your freedom to run, copy, distribute, study, change and improve the software). Such products include the ADSL2MUE, EFG120, EFG250, NAS200, NSLU2, RV series (including RV016, RV042, RV082, RVS4000, RV0041, and RVL200), SPA400, WAG54G, WAG300N, WAP series (including WAP4400N, WAP55AG, WAP4400N, and WAP54GPE), WET54GS5, WIP300, WMA11B, WPG54G, WRE54G, WRT series (including WRT54GL, WRT54GX, WRT54GX2, WRT54GX4, WRT54GR, WRT55AGv1, WRT55AGv2, WRTP54G, WRT54GS, WRT55AG, WRT350N, and WRT300N), WRV series (including WRV200, WRV54G, WRV54G-CA, and WRVS4400N), WVC54GC, WVC54G, and Quick- VPN products. As part of these products, Cisco-Linksys LLC or its distributors may have distributed to you hardware and/or software, or made available electronic downloads, that contained a version of BINUTILS, GCC, GDB, LIBC, LIBFETISH, LIBIBERTY, PARTED, READLINE, and WGET, which are free (i.e., freedom-respecting – see http://www.gnu.org/philosophy/free-sw.html for more details) software programs developed by the Free Software Foundation, a separate not-for- profit organization without any affiliation to Cisco-Linksys LLC. If we distributed any of these free software programs to you, we want you to know that you were granted a license to that software under the terms of either the GNU General Public License or GNU Lesser General Public License (“Licenses”; copies of which are available from http://www.gnu.org/licenses/licenses.html). The Licenses allow you to freely copy, modify and redistribute that software and no other statement or documentation from us, including our End User License Agreement, places any additional restrictions on what you may do with that software.
    [Show full text]