The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, interpret a -1 value as a sorting count instead of an error flag, which allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.
Patch added to gentoo/binutils-2.29.1 branch
All affected versions are masked. No further cleanup (toolchain package).
Nothing to do for toolchain here anymore. Please proceed.
Added to existing GLSA request.
Gentoo Security Padawan
This issue was resolved and addressed in
GLSA 201801-01 at https://security.gentoo.org/glsa/201801-01
by GLSA coordinator Aaron Bauman (b-man).