Opened 5 months ago

Closed 4 months ago

#4887 closed enhancement (fixed)

binutils-2.37

Reported by: Bruce Dubbs Owned by: Douglas R. Reno
Priority: high Milestone: 11.0
Component: Book Version: git
Severity: normal Keywords:
Cc:

Description

New minor version.

Change History (4)

comment:1 by Douglas R. Reno, 5 months ago

Owner: changed from lfs-book to Douglas R. Reno
Status: newassigned

Fetch the rest of the updates for a full LFS core update.

comment:2 by Douglas R. Reno, 5 months ago

This release contains numerous bug fixes, and also the
following new features:

  * The GNU Binutils sources now requires a C99 compiler and library to
    build.

  * Support for the arm-symbianelf format has been removed.

  * Support for Realm Management Extension (RME) for AArch64 has been
    added.

  * A new linker option '-z report-relative-reloc' for x86 ELF targets
    has been added to report dynamic relative relocations.

  * A new linker option '-z start-stop-gc' has been added to disable
    special treatment of __start_*/__stop_* references when
    --gc-sections.

  * A new linker options '-Bno-symbolic' has been added which will
    cancel the '-Bsymbolic' and '-Bsymbolic-functions' options.

  * The readelf tool has a new command line option which can be used to
    specify how the numeric values of symbols are reported.
    --sym-base=0|8|10|16 tells readelf to display the values in base 8,
    base 10 or base 16.  A sym base of 0 represents the default action
    of displaying values under 10000 in base 10 and values above that in
    base 16.

  * A new format has been added to the nm program.  Specifying
    '--format=just-symbols' (or just using -j) will tell the program to
    only display symbol names and nothing else.

  * A new command line option '--keep-section-symbols' has been added to
    objcopy and strip.  This stops the removal of unused section symbols
    when the file is copied.  Removing these symbols saves space, but
    sometimes they are needed by other tools.

  * The '--weaken', '--weaken-symbol' and '--weaken-symbols' options
    supported by objcopy now make undefined symbols weak on targets that
    support weak symbols. 

  * Readelf and objdump can now display and use the contents of .debug_sup
    sections.

  * Readelf and objdump will now follow links to separate debug info
    files by default.  This behaviour can be stopped via the use of the
    new '-wN' or '--debug-dump=no-follow-links' options for readelf and
    the '-WN' or '--dwarf=no-follow-links' options for objdump.  Also
    the old behaviour can be restored by the use of the
    '--enable-follow-debug-links=no' configure time option.

    The semantics of the =follow-links option have also been slightly
    changed.  When enabled, the option allows for the loading of symbol
    tables and string tables from the separate files which can be used
    to enhance the information displayed when dumping other sections,
    but it does not automatically imply that information from the
    separate files should be displayed.

    If other debug section display options are also enabled (eg
    '--debug-dump=info') then the contents of matching sections in both
    the main file and the separate debuginfo file *will* be displayed.
    This is because in most cases the debug section will only be present
    in one of the files.

    If however non-debug section display options are enabled (eg
    '--sections') then the contents of matching parts of the separate
    debuginfo file will *not* be displayed.  This is because in most
    cases the user probably only wanted to load the symbol information
    from the separate debuginfo file.  In order to change this behaviour
    a new command line option --process-links can be used.  This will
    allow di0pslay options to applied to both the main file and any
    separate debuginfo files.

  * Nm has a new command line option: '--quiet'.  This suppresses "no
    symbols" diagnostic.

comment:3 by Douglas R. Reno, 5 months ago

Priority: normalhigh

This version of binutils seems to contain four security fixes per Arch Linux:

CVE-2021-20197 (MEDIUM, arbitrary file system access): There is an open race window when writing output in the following utilities in GNU binutils: ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. The issue was fixed in binutils version 2.36, but subsequently the fix was partly reverted in version 2.36.1 because it was causing issues with the file archiver "ar". The full fix is queued to be included in version 2.36.2.

CVE-2021-3648 (LOW, denial of service): A flaw was discovered in GNU libiberty as distributed in GNU Binutils version 2.36.50. A crafted file can cause an infinite loop leading to a stack overflow and crash.

CVE-2021-3549 (LOW, arbitrary code execution): An out of bounds write security issue was found in GNU binutils objdump utility version 2.36.1. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section(), probably resulting in a crash or in some cases memory corruption.

CVE-2021-3530 (MEDIUM, arbitrary code execution): A security issue was discovered in GNU libiberty, as distributed in GNU Binutils version 2.36. A crafted file can cause a stack-based buffer overflow in demangle_path() in rust-demangle.c.

I will file an SA, but it's not nearly as important as the systemd or kernel vulnerabilities.

comment:4 by Douglas R. Reno, 4 months ago

Resolution: fixed
Status: assignedclosed
Note: See TracTickets for help on using tickets.