[AutoPR- Security] Patch binutils for CVE-2025-7545, CVE-2025-7546 [MEDIUM] (#14335)

azurelinux-security · Kanishk Bansal · web-flow · commit e4614ca13db0 · 2025-08-07T18:00:36.000+05:30
Signed-off-by: Kanishk Bansal &lt;kanbansal@microsoft.com&gt;
Co-authored-by: Kanishk Bansal &lt;kanbansal@microsoft.com&gt;
diff --git a/SPECS/binutils/CVE-2025-7545.patch b/SPECS/binutils/CVE-2025-7545.patch
@@ -0,0 +1,38 @@
+From 5ea79aec8f03363778904754b75337f73be0db16 Mon Sep 17 00:00:00 2001
+From: Azure Linux Security Servicing Account
+ <azurelinux-security@microsoft.com>
+Date: Thu, 17 Jul 2025 08:56:14 +0000
+Subject: [PATCH] Fix CVE CVE-2025-7545 in binutils
+
+Upstream Patch Reference: https://github.com/bminor/binutils-gdb/commit/08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944.patch
+---
+ binutils/objcopy.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/binutils/objcopy.c b/binutils/objcopy.c
+index a6c2e0dc..b9552398 100644
+--- a/binutils/objcopy.c
++++ b/binutils/objcopy.c
+@@ -4438,6 +4438,7 @@ copy_section (bfd *ibfd, sec_ptr isection, void *obfdarg)
+ 	  char *to = (char *) memhunk;
+ 	  char *end = (char *) memhunk + size;
+ 	  int i;
++	  bfd_size_type memhunk_size = size;
+ 
+ 	  /* If the section address is not exactly divisible by the interleave,
+ 	     then we must bias the from address.  If the copy_byte is less than
+@@ -4457,6 +4458,11 @@ copy_section (bfd *ibfd, sec_ptr isection, void *obfdarg)
+ 	      }
+ 
+ 	  size = (size + interleave - 1 - copy_byte) / interleave * copy_width;
++
++	  /* Don't extend the output section size.  */
++	  if (size > memhunk_size)
++	    size = memhunk_size;
++
+ 	  osection->lma /= interleave;
+ 	  if (copy_byte < extra)
+ 	    osection->lma++;
+-- 
+2.45.3
+
diff --git a/SPECS/binutils/CVE-2025-7546.patch b/SPECS/binutils/CVE-2025-7546.patch
@@ -0,0 +1,45 @@
+From 41461010eb7c79fee7a9d5f6209accdaac66cc6b Mon Sep 17 00:00:00 2001
+From: "H.J. Lu" <hjl.tools@gmail.com>
+Date: Sat, 21 Jun 2025 06:52:00 +0800
+Subject: [PATCH] elf: Report corrupted group section
+
+Report corrupted group section instead of trying to recover.
+
+	PR binutils/33050
+	* elf.c (bfd_elf_set_group_contents): Report corrupted group
+	section.
+
+Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
+
+[AI Backported] Upstream Patch Reference: https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=41461010eb7c79fee7a9d5f6209accdaac66cc6b
+---
+ bfd/elf.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/bfd/elf.c b/bfd/elf.c
+index 05bb9c99..4fc0a65e 100644
+--- a/bfd/elf.c
++++ b/bfd/elf.c
+@@ -3633,8 +3633,18 @@ bfd_elf_set_group_contents (bfd *abfd, asection *sec, void *failedptrarg)
+ 	break;
+     }
+ 
++  /* We should always get here with loc == sec->contents + 4.  Return
++     an error for bogus SHT_GROUP sections.  */
+   loc -= 4;
+-  BFD_ASSERT (loc == sec->contents);
++  if (loc != sec->contents)
++    {
++      /* xgettext:c-format */
++      _bfd_error_handler (_("%pB: corrupted group section: `%pA'"),
++                          abfd, sec);
++      bfd_set_error (bfd_error_bad_value);
++      *failedptr = true;
++      return;
++    }
+ 
+   H_PUT_32 (abfd, sec->flags & SEC_LINK_ONCE ? GRP_COMDAT : 0, loc);
+ }
+-- 
+2.45.3
+
diff --git a/SPECS/binutils/binutils.spec b/SPECS/binutils/binutils.spec
@@ -21,7 +21,7 @@
 Summary:        Contains a linker, an assembler, and other tools
 Name:           binutils
 Version:        2.37
-Release:        15%{?dist}
+Release:        16%{?dist}
 License:        GPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -53,6 +53,8 @@ Patch18:         CVE-2025-1178.patch
 Patch19:	 CVE-2025-1744.patch
 Patch20:         CVE-2025-5245.patch
 Patch21:         CVE-2025-5244.patch
+Patch22:         CVE-2025-7545.patch
+Patch23:         CVE-2025-7546.patch
 Provides:       bundled(libiberty)
 
 # Moving macro before the "SourceX" tags breaks PR checks parsing the specs.
@@ -309,6 +311,9 @@ find %{buildroot} -type f -name "*.la" -delete -print
 %do_files aarch64-linux-gnu %{build_aarch64}
 
 %changelog
+* Thu Jul 17 2025 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 2.37-16
+- Patch for CVE-2025-7545, CVE-2025-7546
+
 * Mon Jun 9 2025 Akarsh Chaudhary <v-akarshc@microsoft.com>- 2.37-15
 - Patch CVE-2025-5245 ,CVE-2025-5244
 
diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
@@ -12,8 +12,8 @@ zlib-devel-1.2.13-2.cm2.aarch64.rpm
 file-5.40-3.cm2.aarch64.rpm
 file-devel-5.40-3.cm2.aarch64.rpm
 file-libs-5.40-3.cm2.aarch64.rpm
-binutils-2.37-15.cm2.aarch64.rpm
-binutils-devel-2.37-15.cm2.aarch64.rpm
+binutils-2.37-16.cm2.aarch64.rpm
+binutils-devel-2.37-16.cm2.aarch64.rpm
 gmp-6.2.1-4.cm2.aarch64.rpm
 gmp-devel-6.2.1-4.cm2.aarch64.rpm
 mpfr-4.1.0-2.cm2.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
@@ -12,8 +12,8 @@ zlib-devel-1.2.13-2.cm2.x86_64.rpm
 file-5.40-3.cm2.x86_64.rpm
 file-devel-5.40-3.cm2.x86_64.rpm
 file-libs-5.40-3.cm2.x86_64.rpm
-binutils-2.37-15.cm2.x86_64.rpm
-binutils-devel-2.37-15.cm2.x86_64.rpm
+binutils-2.37-16.cm2.x86_64.rpm
+binutils-devel-2.37-16.cm2.x86_64.rpm
 gmp-6.2.1-4.cm2.x86_64.rpm
 gmp-devel-6.2.1-4.cm2.x86_64.rpm
 mpfr-4.1.0-2.cm2.x86_64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt
@@ -9,9 +9,9 @@ bash-5.1.8-4.cm2.aarch64.rpm
 bash-debuginfo-5.1.8-4.cm2.aarch64.rpm
 bash-devel-5.1.8-4.cm2.aarch64.rpm
 bash-lang-5.1.8-4.cm2.aarch64.rpm
-binutils-2.37-15.cm2.aarch64.rpm
-binutils-debuginfo-2.37-15.cm2.aarch64.rpm
-binutils-devel-2.37-15.cm2.aarch64.rpm
+binutils-2.37-16.cm2.aarch64.rpm
+binutils-debuginfo-2.37-16.cm2.aarch64.rpm
+binutils-devel-2.37-16.cm2.aarch64.rpm
 bison-3.7.6-2.cm2.aarch64.rpm
 bison-debuginfo-3.7.6-2.cm2.aarch64.rpm
 bzip2-1.0.8-1.cm2.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@@ -9,10 +9,10 @@ bash-5.1.8-4.cm2.x86_64.rpm
 bash-debuginfo-5.1.8-4.cm2.x86_64.rpm
 bash-devel-5.1.8-4.cm2.x86_64.rpm
 bash-lang-5.1.8-4.cm2.x86_64.rpm
-binutils-2.37-15.cm2.x86_64.rpm
-binutils-aarch64-linux-gnu-2.37-15.cm2.x86_64.rpm
-binutils-debuginfo-2.37-15.cm2.x86_64.rpm
-binutils-devel-2.37-15.cm2.x86_64.rpm
+binutils-2.37-16.cm2.x86_64.rpm
+binutils-aarch64-linux-gnu-2.37-16.cm2.x86_64.rpm
+binutils-debuginfo-2.37-16.cm2.x86_64.rpm
+binutils-devel-2.37-16.cm2.x86_64.rpm
 bison-3.7.6-2.cm2.x86_64.rpm
 bison-debuginfo-3.7.6-2.cm2.x86_64.rpm
 bzip2-1.0.8-1.cm2.x86_64.rpm
@@ -47,7 +47,7 @@ cracklib-lang-2.9.7-5.cm2.x86_64.rpm
 createrepo_c-0.17.5-1.cm2.x86_64.rpm
 createrepo_c-debuginfo-0.17.5-1.cm2.x86_64.rpm
 createrepo_c-devel-0.17.5-1.cm2.x86_64.rpm
-cross-binutils-common-2.37-15.cm2.noarch.rpm
+cross-binutils-common-2.37-16.cm2.noarch.rpm
 cross-gcc-common-11.2.0-8.cm2.noarch.rpm
 curl-8.8.0-6.cm2.x86_64.rpm
 curl-debuginfo-8.8.0-6.cm2.x86_64.rpm
