Summary: | <sys-devel/binutils-2.27-r1: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A3 [glsa cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 621130 | ||
Bug Blocks: |
Description
Agostino Sarubbo
2017-05-18 10:52:59 UTC
Fixed (as applicable) in 2.27-r1 for the :2.27 slot commit cd1ba24b30850d49e58b79af6e0f5387f9f7ed8d (HEAD -> master, origin/master, origin/HEAD) Author: Matthias Maier <tamiko@gentoo.org> Date: Tue Jun 6 14:01:21 2017 -0500 sys-devel/binutils: 2.27 - multiple security fixes, bug #618520, bug #618826 CVE-2017-8421 Prevent memory exhaustion from a corrupt PE binary with an overlarge number of relocs. https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=patch;h=39ff1b79f687b65f4144ddb379f22587003443fb CVE-2017-9038 readelf: Update check for invalid word offsets in ARM unwind information. https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f32ba72991d2406b21ab17edc234a2f3fa7fb23d CVE-2017-9038 readelf: Update check for invalid word offsets in ARM unwind information. https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f32ba72991d2406b21ab17edc234a2f3fa7fb23d CVE-2017-9039 readelf: Fix overlarge memory allocation when reading a binary with an excessive number of program headers. https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=82156ab704b08b124d319c0decdbd48b3ca2dac5 CVE-2017-9040, CVE-2017-9042 readelf: fix out of range subtraction, seg fault from a NULL pointer and memory exhaustion, all from parsing corrupt binaries. https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf CVE-2017-9041 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75ec1fdbb797a389e4fe4aaf2e15358a070dcc19 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c4ab9505b53cdc899506ed421fddb7e1f8faf7a3 [2] https://bugs.gentoo.org/show_bug.cgi?id=618520 [2] https://bugs.gentoo.org/show_bug.cgi?id=618826 Package-Manager: Portage-2.3.6, Repoman-2.3.2 All vulnerable versions are masked. No cleanup (toolchain package). This issue was resolved and addressed in GLSA 201709-02 at https://security.gentoo.org/glsa/201709-02 by GLSA coordinator Aaron Bauman (b-man). |