Summary: | <sys-devel/binutils-2.29.1-r1: Multiple vulnerabilities (CVE-2017-{12456,14333}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | arthur |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A3 [glsa+ cve] | ||
Package list: | Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2017-10-31 01:03:31 UTC
@Maintainers please call for stabilization when ready or let us know. Thank you (In reply to GLSAMaker/CVETool Bot from comment #0) > CVE-2017-14333 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14333): > The process_version_sections function in readelf.c in GNU Binutils 2.29 > allows attackers to cause a denial of service (Integer Overflow, and hang > because of a time-consuming loop) or possibly have unspecified other impact > via a crafted binary file with invalid values of ent.vn_next, during > "readelf -a" execution. Fixed in sys-devel/binutils-2.29.1-r1 > > CVE-2017-12456 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12456): > The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binutils > 2.29 and earlier allows remote attackers to cause an out of bounds heap > read > via a crafted binary file. Fixed in sys-devel/binutils-2.29.1-r1 All affected versions are masked. No further cleanup (toolchain package). Nothing to do for toolchain here anymore. Please proceed. Added to existing GLSA request. Gentoo Security Padawan (Jmbailey/mbailey_j) This issue was resolved and addressed in GLSA 201801-01 at https://security.gentoo.org/glsa/201801-01 by GLSA coordinator Aaron Bauman (b-man). Re-opened to track masked vulnerable versions. |