Summary: | <sys-devel/binutils-2.33.1: Multiple vulnerabilities (CVE-2019-{14444,17450,17451}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://sourceware.org/bugzilla/show_bug.cgi?id=24829 | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=690590 | ||
Whiteboard: | A3 [glsa+ cve masked] | ||
Package list: | Runtime testing required: | --- |
Description
Sam James
2020-03-02 15:11:02 UTC
CVE-2019-17451 (https://nvd.nist.gov/vuln/detail/CVE-2019-17451): An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm. CVE-2019-17450 (https://nvd.nist.gov/vuln/detail/CVE-2019-17450): find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cf7bc8cee05a4dd95af28b48b66dd5a93e48a5c8 commit cf7bc8cee05a4dd95af28b48b66dd5a93e48a5c8 Author: Andreas K. Hüttel <dilfridge@gentoo.org> AuthorDate: 2020-04-26 00:32:31 +0000 Commit: Andreas K. Hüttel <dilfridge@gentoo.org> CommitDate: 2020-04-26 00:33:36 +0000 package.mask: Mask <binutils-2.33.1, bug 711324 Bug: https://bugs.gentoo.org/711324 Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org> profiles/package.mask | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) No cleanup, but all masked. (In reply to Andreas K. Hüttel from comment #4) > No cleanup, but all masked. Good enough for toolchain stuff. Thanks. This issue was resolved and addressed in GLSA 202007-39 at https://security.gentoo.org/glsa/202007-39 by GLSA coordinator Sam James (sam_c). |