From ${URL}:

The decode_line_info function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (read_1_byte heap-based buffer over-read and application crash) via a crafted ELF file.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14128

The read_section function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (parse_comp_unit heap-based buffer over-read and application crash) via a crafted ELF file.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14129

The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (_bfd_elf_attr_strdup heap-based buffer over-read and application crash) via a crafted ELF file.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14130
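All three CVEs above are the same bug class: a section reader in libbfd trusts lengths or counts taken from the file and reads past the end of a heap buffer holding the section. The following C example is added here to illustrate the defensive pattern, not code from BFD or from this bug report: a cursor over a section buffer whose every byte read is bounds-checked against the buffer length, so a truncated or crafted header makes the parser fail cleanly instead of over-reading. The struct, function names (safe_read_1_byte, parse_toy_line_header), the toy header layout and the sample buffers are all constructed for this illustration and do not correspond to BFD's real dwarf2.c types or the DWARF line-program format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical cursor over a section buffer; not BFD's own type. */
struct sect_cursor {
    const unsigned char *buf;
    size_t len;     /* bytes actually present in the buffer */
    size_t pos;     /* next byte to read */
    int overrun;    /* latched once any read would pass buf + len */
};

static void cursor_init(struct sect_cursor *c, const unsigned char *buf, size_t len)
{
    c->buf = buf;
    c->len = len;
    c->pos = 0;
    c->overrun = 0;
}

/* Checked 1-byte read: never touches buf[len] or beyond.
   Returns 1 on success, 0 (and latches overrun) if no byte is left. */
int safe_read_1_byte(struct sect_cursor *c, unsigned int *out)
{
    if (c->overrun || c->pos >= c->len) {
        c->overrun = 1;
        return 0;
    }
    *out = c->buf[c->pos++];
    return 1;
}

/* Little-endian 2-byte read built from two checked 1-byte reads. */
int safe_read_2_bytes_le(struct sect_cursor *c, unsigned int *out)
{
    unsigned int lo, hi;
    if (!safe_read_1_byte(c, &lo) || !safe_read_1_byte(c, &hi))
        return 0;
    *out = lo | (hi << 8);
    return 1;
}

/* Unsigned LEB128 read; each continuation byte is itself bounds-checked. */
int safe_read_uleb128(struct sect_cursor *c, uint64_t *out)
{
    uint64_t result = 0;
    unsigned int shift = 0, byte;
    do {
        if (!safe_read_1_byte(c, &byte))
            return 0;
        if (shift < 64)
            result |= (uint64_t)(byte & 0x7f) << shift;
        shift += 7;
    } while (byte & 0x80);
    *out = result;
    return 1;
}

/* Toy header (constructed layout): u16 version, uleb128 opcode count,
   then that many 1-byte opcode lengths. Returns 1 if everything fit in
   the buffer, 0 if the header claims more data than is present. */
int parse_toy_line_header(const unsigned char *buf, size_t len,
                          unsigned int *version, unsigned int *nopcodes)
{
    struct sect_cursor c;
    uint64_t count, i;
    unsigned int oplen;

    cursor_init(&c, buf, len);
    if (!safe_read_2_bytes_le(&c, version))
        return 0;
    if (!safe_read_uleb128(&c, &count))
        return 0;
    /* Reject a declared count larger than the bytes remaining up front,
       rather than discovering it byte by byte (or, unchecked, off the end). */
    if (count > c.len - c.pos)
        return 0;
    for (i = 0; i < count; i++)
        if (!safe_read_1_byte(&c, &oplen))
            return 0;
    *nopcodes = (unsigned int)count;
    return 1;
}

/* Constructed sample inputs: a consistent header and one whose count
   promises three opcode lengths but carries only one. */
static const unsigned char GOOD[]      = { 0x04, 0x00, 0x03, 0x00, 0x01, 0x01 };
static const unsigned char TRUNCATED[] = { 0x04, 0x00, 0x03, 0x00 };

int demo_good(void)
{
    unsigned int v = 0, n = 0;
    return parse_toy_line_header(GOOD, sizeof GOOD, &v, &n) && v == 4 && n == 3;
}

int demo_truncated(void)
{
    unsigned int v = 0, n = 0;
    return parse_toy_line_header(TRUNCATED, sizeof TRUNCATED, &v, &n);
}

int main(void)
{
    printf("well-formed header parsed: %d\n", demo_good());      /* 1 */
    printf("truncated header parsed:  %d\n", demo_truncated()); /* 0 */
    return 0;
}
```

The point of the latched overrun flag is that callers which ignore one failed read still cannot advance the cursor past the buffer; every later read keeps failing, which is the behaviour a fuzzer-found crash like the ones above turns into a clean parse error.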
CVE-2017-14130: Proposed Patch 3/3 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=2a143b99fc4a5094a9cf128f3184d8e6818c8229
CVE-2017-14129: Proposed Patch 2/3 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e4f2723003859dc6b33ca0dadbc4a7659ebf1643
CVE-2017-14128: Proposed Patch 1/3 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e8b60085eb3e6f2c41bc0c00c0d759fa7f72780

@maintainer(s), upstream closed this rather quickly on #21787, hope same happens here. Call stable if needed.

Daj Uan (jmbailey/mbailey_j)
Gentoo Security Padawan
This is fixed in 2.29.1
All affected versions are masked. No further cleanup (toolchain package). Nothing to do for toolchain here anymore. Please proceed.
Added to existing GLSA request.

Gentoo Security Padawan (Jmbailey/mbailey_j)
This issue was resolved and addressed in GLSA 201801-01 at https://security.gentoo.org/glsa/201801-01 by GLSA coordinator Aaron Bauman (b-man).