The elf_read_notes function in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file.

Upstream Fix:

The master branch has been updated by Nick Clifton <nickc@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=957e1fc1c5d0262e4b2f764cf031ad1458446498

commit 957e1fc1c5d0262e4b2f764cf031ad1458446498
Author: Nick Clifton <nickc@redhat.com>
Date: Thu Aug 10 09:37:36 2017 +0100

    Fix out of bounds memory access when trying to allocate space for a note of size -1.
@maintainer(s), please test and follow procedure to stabilize and/or close on report... thank you.

Daj'Uan (mbailey_J)
Gentoo Security Scout
All affected versions are masked. No further cleanup (toolchain package). Nothing to do for toolchain here anymore. Please proceed.
Added to existing GLSA request.

Gentoo Security Padawan (Jmbailey/mbailey_j)
This issue was resolved and addressed in GLSA 201801-01 at https://security.gentoo.org/glsa/201801-01 by GLSA coordinator Aaron Bauman (b-man).