diff --git a/SPECS/binutils/CVE-2025-7545.patch b/SPECS/binutils/CVE-2025-7545.patch new file mode 100644 index 00000000000..28b7ca0e578 --- /dev/null +++ b/SPECS/binutils/CVE-2025-7545.patch @@ -0,0 +1,38 @@ +From 255c74cb9030905028a4f9ce07aff56039844152 Mon Sep 17 00:00:00 2001 +From: Azure Linux Security Servicing Account + +Date: Thu, 17 Jul 2025 08:46:38 +0000 +Subject: [PATCH] Fix CVE CVE-2025-7545 in binutils + +Upstream Patch Reference: https://github.com/bminor/binutils-gdb/commit/08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944.patch +--- + binutils/objcopy.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/binutils/objcopy.c b/binutils/objcopy.c +index 3569b890..c09d85d1 100644 +--- a/binutils/objcopy.c ++++ b/binutils/objcopy.c +@@ -4514,6 +4514,7 @@ copy_section (bfd *ibfd, sec_ptr isection, void *obfdarg) + char *to = (char *) memhunk; + char *end = (char *) memhunk + size; + int i; ++ bfd_size_type memhunk_size = size; + + /* If the section address is not exactly divisible by the interleave, + then we must bias the from address. If the copy_byte is less than +@@ -4533,6 +4534,11 @@ copy_section (bfd *ibfd, sec_ptr isection, void *obfdarg) + } + + size = (size + interleave - 1 - copy_byte) / interleave * copy_width; ++ ++ /* Don't extend the output section size. */ ++ if (size > memhunk_size) ++ size = memhunk_size; ++ + osection->lma /= interleave; + if (copy_byte < extra) + osection->lma++; +-- +2.45.3 + diff --git a/SPECS/binutils/CVE-2025-7546.patch b/SPECS/binutils/CVE-2025-7546.patch new file mode 100644 index 00000000000..8556d49c473 --- /dev/null +++ b/SPECS/binutils/CVE-2025-7546.patch @@ -0,0 +1,49 @@ +From 35b1514eba18a239c85867ab4132408d85e1e120 Mon Sep 17 00:00:00 2001 +From: Azure Linux Security Servicing Account + +Date: Thu, 17 Jul 2025 08:48:22 +0000 +Subject: [PATCH] Fix CVE CVE-2025-7546 in binutils + +Upstream Patch Reference: https://github.com/bminor/binutils-gdb/commit/41461010eb7c79fee7a9d5f6209accdaac66cc6b.patch +--- + bfd/elf.c | 23 ++++++++++------------- + 1 file changed, 10 insertions(+), 13 deletions(-) + +diff --git a/bfd/elf.c b/bfd/elf.c +index d38e0aff..1de0cec0 100644 +--- a/bfd/elf.c ++++ b/bfd/elf.c +@@ -4120,20 +4120,17 @@ bfd_elf_set_group_contents (bfd *abfd, asection *sec, void *failedptrarg) + break; + } + +- /* We should always get here with loc == sec->contents + 4, but it is +- possible to craft bogus SHT_GROUP sections that will cause segfaults +- in objcopy without checking loc here and in the loop above. */ +- if (loc == sec->contents) +- BFD_ASSERT (0); +- else ++ /* We should always get here with loc == sec->contents + 4. Return ++ an error for bogus SHT_GROUP sections. */ ++ loc -= 4; ++ if (loc != sec->contents) + { +- loc -= 4; +- if (loc != sec->contents) +- { +- BFD_ASSERT (0); +- memset (sec->contents + 4, 0, loc - sec->contents); +- loc = sec->contents; +- } ++ /* xgettext:c-format */ ++ _bfd_error_handler (_("%pB: corrupted group section: `%pA'"), ++ abfd, sec); ++ bfd_set_error (bfd_error_bad_value); ++ *failedptr = true; ++ return; + } + + H_PUT_32 (abfd, sec->flags & SEC_LINK_ONCE ? GRP_COMDAT : 0, loc); +-- +2.45.3 + diff --git a/SPECS/binutils/binutils.spec b/SPECS/binutils/binutils.spec index 33678f413b2..8a4de6daf61 100644 --- a/SPECS/binutils/binutils.spec +++ b/SPECS/binutils/binutils.spec @@ -21,7 +21,7 @@ Summary: Contains a linker, an assembler, and other tools Name: binutils Version: 2.41 -Release: 6%{?dist} +Release: 7%{?dist} License: GPLv2+ Vendor: Microsoft Corporation Distribution: Azure Linux @@ -40,6 +40,8 @@ Patch6: CVE-2025-0840.patch Patch7: CVE-2025-1744.patch Patch8: CVE-2025-5245.patch Patch9: CVE-2025-5244.patch +Patch10: CVE-2025-7546.patch +Patch11: CVE-2025-7545.patch Provides: bundled(libiberty) # Moving macro before the "SourceX" tags breaks PR checks parsing the specs. @@ -329,6 +331,9 @@ find %{buildroot} -type f -name "*.la" -delete -print %do_files aarch64-linux-gnu %{build_aarch64} %changelog +* Thu Jul 17 2025 Azure Linux Security Servicing Account - 2.41-7 +- Patch for CVE-2025-7546, CVE-2025-7545 + * Wed May 28 2025 Akarsh Chaudhary - 2.41-6 - Patch CVE-2025-5245 , CVE-2025-5244 diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index a12b7bd5328..81bb3c775fd 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -13,8 +13,8 @@ zlib-devel-1.3.1-1.azl3.aarch64.rpm file-5.45-1.azl3.aarch64.rpm file-devel-5.45-1.azl3.aarch64.rpm file-libs-5.45-1.azl3.aarch64.rpm -binutils-2.41-6.azl3.aarch64.rpm -binutils-devel-2.41-6.azl3.aarch64.rpm +binutils-2.41-7.azl3.aarch64.rpm +binutils-devel-2.41-7.azl3.aarch64.rpm gmp-6.3.0-1.azl3.aarch64.rpm gmp-devel-6.3.0-1.azl3.aarch64.rpm mpfr-4.2.1-1.azl3.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index 65584a1ee3e..1c6786ee06e 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -13,8 +13,8 @@ zlib-devel-1.3.1-1.azl3.x86_64.rpm file-5.45-1.azl3.x86_64.rpm file-devel-5.45-1.azl3.x86_64.rpm file-libs-5.45-1.azl3.x86_64.rpm -binutils-2.41-6.azl3.x86_64.rpm -binutils-devel-2.41-6.azl3.x86_64.rpm +binutils-2.41-7.azl3.x86_64.rpm +binutils-devel-2.41-7.azl3.x86_64.rpm gmp-6.3.0-1.azl3.x86_64.rpm gmp-devel-6.3.0-1.azl3.x86_64.rpm mpfr-4.2.1-1.azl3.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 960e440200d..e196c1b06db 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -30,9 +30,9 @@ bash-5.2.15-3.azl3.aarch64.rpm bash-debuginfo-5.2.15-3.azl3.aarch64.rpm bash-devel-5.2.15-3.azl3.aarch64.rpm bash-lang-5.2.15-3.azl3.aarch64.rpm -binutils-2.41-6.azl3.aarch64.rpm -binutils-debuginfo-2.41-6.azl3.aarch64.rpm -binutils-devel-2.41-6.azl3.aarch64.rpm +binutils-2.41-7.azl3.aarch64.rpm +binutils-debuginfo-2.41-7.azl3.aarch64.rpm +binutils-devel-2.41-7.azl3.aarch64.rpm bison-3.8.2-1.azl3.aarch64.rpm bison-debuginfo-3.8.2-1.azl3.aarch64.rpm bzip2-1.0.8-1.azl3.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index 812f48b5f79..f13267bf4b8 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -32,10 +32,10 @@ bash-5.2.15-3.azl3.x86_64.rpm bash-debuginfo-5.2.15-3.azl3.x86_64.rpm bash-devel-5.2.15-3.azl3.x86_64.rpm bash-lang-5.2.15-3.azl3.x86_64.rpm -binutils-2.41-6.azl3.x86_64.rpm -binutils-aarch64-linux-gnu-2.41-6.azl3.x86_64.rpm -binutils-debuginfo-2.41-6.azl3.x86_64.rpm -binutils-devel-2.41-6.azl3.x86_64.rpm +binutils-2.41-7.azl3.x86_64.rpm +binutils-aarch64-linux-gnu-2.41-7.azl3.x86_64.rpm +binutils-debuginfo-2.41-7.azl3.x86_64.rpm +binutils-devel-2.41-7.azl3.x86_64.rpm bison-3.8.2-1.azl3.x86_64.rpm bison-debuginfo-3.8.2-1.azl3.x86_64.rpm bzip2-1.0.8-1.azl3.x86_64.rpm @@ -70,7 +70,7 @@ cracklib-lang-2.9.11-1.azl3.x86_64.rpm createrepo_c-1.0.3-1.azl3.x86_64.rpm createrepo_c-debuginfo-1.0.3-1.azl3.x86_64.rpm createrepo_c-devel-1.0.3-1.azl3.x86_64.rpm -cross-binutils-common-2.41-6.azl3.noarch.rpm +cross-binutils-common-2.41-7.azl3.noarch.rpm cross-gcc-common-13.2.0-7.azl3.noarch.rpm curl-8.11.1-3.azl3.x86_64.rpm curl-debuginfo-8.11.1-3.azl3.x86_64.rpm