Opened 4 years ago
Closed 4 years ago
#4887 closed enhancement (fixed)
binutils-2.37
Reported by: | Bruce Dubbs | Owned by: | Douglas R. Reno |
---|---|---|---|
Priority: | high | Milestone: | 11.0 |
Component: | Book | Version: | git |
Severity: | normal | Keywords: | |
Cc: |
Description
New minor version.
Change History (4)
comment:1 by , 4 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:2 by , 4 years ago
This release contains numerous bug fixes, and also the following new features:

* The GNU Binutils sources now require a C99 compiler and library to build.
* Support for the arm-symbianelf format has been removed.
* Support for Realm Management Extension (RME) for AArch64 has been added.
* A new linker option '-z report-relative-reloc' for x86 ELF targets has been added to report dynamic relative relocations.
* A new linker option '-z start-stop-gc' has been added to disable special treatment of __start_*/__stop_* references when --gc-sections.
* A new linker option '-Bno-symbolic' has been added which will cancel the '-Bsymbolic' and '-Bsymbolic-functions' options.
* The readelf tool has a new command line option which can be used to specify how the numeric values of symbols are reported. --sym-base=0|8|10|16 tells readelf to display the values in base 8, base 10 or base 16. A sym base of 0 represents the default action of displaying values under 10000 in base 10 and values above that in base 16.
* A new format has been added to the nm program. Specifying '--format=just-symbols' (or just using -j) will tell the program to only display symbol names and nothing else.
* A new command line option '--keep-section-symbols' has been added to objcopy and strip. This stops the removal of unused section symbols when the file is copied. Removing these symbols saves space, but sometimes they are needed by other tools.
* The '--weaken', '--weaken-symbol' and '--weaken-symbols' options supported by objcopy now make undefined symbols weak on targets that support weak symbols.
* Readelf and objdump can now display and use the contents of .debug_sup sections.
* Readelf and objdump will now follow links to separate debug info files by default. This behaviour can be stopped via the use of the new '-wN' or '--debug-dump=no-follow-links' options for readelf and the '-WN' or '--dwarf=no-follow-links' options for objdump. Also the old behaviour can be restored by the use of the '--enable-follow-debug-links=no' configure time option.

  The semantics of the =follow-links option have also been slightly changed. When enabled, the option allows for the loading of symbol tables and string tables from the separate files which can be used to enhance the information displayed when dumping other sections, but it does not automatically imply that information from the separate files should be displayed.

  If other debug section display options are also enabled (eg '--debug-dump=info') then the contents of matching sections in both the main file and the separate debuginfo file *will* be displayed. This is because in most cases the debug section will only be present in one of the files.

  If however non-debug section display options are enabled (eg '--sections') then the contents of matching parts of the separate debuginfo file will *not* be displayed. This is because in most cases the user probably only wanted to load the symbol information from the separate debuginfo file. In order to change this behaviour a new command line option --process-links can be used. This will allow display options to be applied to both the main file and any separate debuginfo files.
* Nm has a new command line option: '--quiet'. This suppresses "no symbols" diagnostic.
comment:3 by , 4 years ago
Priority: | normal → high |
---|
This version of binutils seems to contain four security fixes per Arch Linux:
CVE-2021-20197 (MEDIUM, arbitrary file system access): There is an open race window when writing output in the following utilities in GNU binutils: ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. The issue was fixed in binutils version 2.36, but subsequently the fix was partly reverted in version 2.36.1 because it was causing issues with the file archiver "ar". The full fix is queued to be included in version 2.36.2.
CVE-2021-3648 (LOW, denial of service): A flaw was discovered in GNU libiberty as distributed in GNU Binutils version 2.36.50. A crafted file can cause an infinite loop leading to a stack overflow and crash.
CVE-2021-3549 (LOW, arbitrary code execution): An out of bounds write security issue was found in GNU binutils objdump utility version 2.36.1. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section(), probably resulting in a crash or in some cases memory corruption.
CVE-2021-3530 (MEDIUM, arbitrary code execution): A security issue was discovered in GNU libiberty, as distributed in GNU Binutils version 2.36. A crafted file can cause a stack-based buffer overflow in demangle_path() in rust-demangle.c.
I will file an SA, but it's not nearly as important as the systemd or kernel vulnerabilities.
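A general defensive pattern for the symlink ownership race described for CVE-2021-20197 above, as an added example that is not part of the ticket and is not binutils code: a privileged tool changes ownership through a file descriptor opened with `O_NOFOLLOW` instead of through a path. The names `set_owner_nofollow` and `demo` and the temporary paths are hypothetical and constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not binutils code: change ownership of the object
 * that was actually opened, and refuse symlinks and non-regular files.
 * Returns 0 on success, -1 on refusal or error. */
int set_owner_nofollow(const char *path, uid_t uid, gid_t gid)
{
    struct stat st;
    /* O_NOFOLLOW makes open() fail if the last path component is a symlink
     * (ELOOP on Linux), so a planted link is never dereferenced. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* fstat()/fchown() act on the descriptor, so swapping the path after
     * open() cannot redirect the ownership change. */
    int rc = -1;
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode))
        rc = fchown(fd, uid, gid);
    close(fd);
    return rc;
}

/* Constructed scenario: one real output file plus a symlink planted next to
 * it. Returns 0 when the real file is accepted and the symlink is refused. */
int demo(void)
{
    char dir[] = "/tmp/owner-demo-XXXXXX";
    char real[64], lnk[64];
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(real, sizeof real, "%s/out.o", dir);
    snprintf(lnk, sizeof lnk, "%s/planted", dir);
    int fd = open(real, O_CREAT | O_EXCL | O_WRONLY, 0600);
    if (fd < 0 || close(fd) != 0 || symlink(real, lnk) != 0)
        return -1;
    /* (gid_t)-1 leaves the group unchanged. */
    int ok = set_owner_nofollow(real, geteuid(), (gid_t)-1);
    int refused = set_owner_nofollow(lnk, geteuid(), (gid_t)-1);
    unlink(lnk); unlink(real); rmdir(dir);
    return (ok == 0 && refused == -1) ? 0 : 1;
}

int main(void) { printf("demo: %d\n", demo()); return 0; }
```

`O_NOFOLLOW` only covers the final path component, so a tool running with privileges in a directory another user can write to still needs a trusted parent directory or `openat()`-style traversal.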
comment:4 by , 4 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Fetch the rest of the updates for a full LFS core update.