elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a "buffer overflow on fuzzed archive header," related to an uninitialized variable, an improper conditional jump, and the get_archive_member_name, process_archive_index_and_symbols, and setup_archive functions.
How is this a *remote* DOS if it requires reading an ELF file?
That's something I don't understand either...
In master, will be in 2.30; patch added to gentoo/binutils-2.29.1 branch
All affected versions are masked. No further cleanup (toolchain package).
Nothing to do for toolchain here anymore. Please proceed.
Added to existing GLSA request.
Gentoo Security Padawan
This issue was resolved and addressed in
GLSA 201801-01 at https://security.gentoo.org/glsa/201801-01
by GLSA coordinator Aaron Bauman (b-man).