Summary: | <sys-devel/binutils-2.40: heap buffer overflow in bfd_getl64 | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | |
Severity: | normal | |
Priority: | Normal | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
URL: | https://sourceware.org/bugzilla/show_bug.cgi?id=29699 | |
Whiteboard: | A3 [glsa+] | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 909412 | |
Bug Blocks: | | |
Description
John Helmert III
2023-04-06 03:47:53 UTC
CVE-2022-4285:

An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.

Patch is in 2.40:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b58a88f1c08436f49f259e35e261b0d116508859

commit b58a88f1c08436f49f259e35e261b0d116508859
Author: Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2023-08-20 21:19:59 +0000
Commit: Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2023-08-20 21:19:59 +0000

    package.mask: extend binutils mask, bug 903893

    Bug: https://bugs.gentoo.org/903893
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

 profiles/package.mask | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

All affected packages masked. No cleanup (toolchain). Nothing left to be done by toolchain.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=14d1caba8122b70c39357e14ad41c672cd2cd81d

commit 14d1caba8122b70c39357e14ad41c672cd2cd81d
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-09-30 07:43:08 +0000
Commit: Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-09-30 07:44:23 +0000

    [ GLSA 202309-15 ] GNU Binutils: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/866713
    Bug: https://bugs.gentoo.org/867937
    Bug: https://bugs.gentoo.org/903893
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202309-15.xml | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)