Bug 908087 (CVE-2023-1972)

Summary:	<sys-devel/binutils-2.41 : heap buffer overread
Product:	Gentoo Security	Reporter:	John Helmert III <ajak>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	toolchain
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	B3 [noglsa]
Package list:		Runtime testing required:	---

Description John Helmert III archtester

2023-06-09 04:38:57 UTC

CVE-2023-1972 (https://sourceware.org/bugzilla/show_bug.cgi?id=30285):

A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability.

Patch is: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57

Comment 1 Larry the Git Cow gentoo-dev

2024-10-04 12:32:52 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b73103f94b4587a84a752a6d21a6de12f4ac1ab6

commit b73103f94b4587a84a752a6d21a6de12f4ac1ab6
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2024-10-04 12:32:00 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2024-10-04 12:32:00 +0000

    package.mask: Update binutils mask to <2.42
    
    Bug: https://bugs.gentoo.org/908087
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

 profiles/package.mask | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

Comment 2 Hans de Graaff gentoo-dev

2024-10-05 08:10:40 UTC

noglsa as discussed with dilfridge on #gentoo-security.