Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 621130 (CVE-2017-6965, CVE-2017-6966, CVE-2017-6969) - <sys-devel/binutils-2.28-r2: Multiple vulnerabilities CVE-2017-6965, CVE-2017-6966, CVE-2017-6969
Summary: <sys-devel/binutils-2.28-r2: Multiple vulnerabilities CVE-2017-6965, CVE-2017...
Status: RESOLVED FIXED
Alias: CVE-2017-6965, CVE-2017-6966, CVE-2017-6969
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A3 [glsa cve]
Keywords:
Depends on: 622500
Blocks: CVE-2017-7614 CVE-2017-8398 CVE-2017-8392, CVE-2017-8393, CVE-2017-8394, CVE-2017-8395, CVE-2017-8396, CVE-2017-8397 CVE-2017-8421 CVE-2017-9038, CVE-2017-9039, CVE-2017-9040, CVE-2017-9041, CVE-2017-9042
  Show dependency tree
 
Reported: 2017-06-07 13:35 UTC by Andrey Ovcharov
Modified: 2017-09-17 15:31 UTC (History)
1 user (show)

See Also:
Package list:
sys-devel/binutils-2.28-r2 sys-libs/binutils-libs-2.28-r1
Runtime testing required: ---
stable-bot: sanity-check+


Attachments
binutils-CVE-2017-6965.patch (binutils-CVE-2017-6965.patch,4.25 KB, patch)
2017-06-07 13:35 UTC, Andrey Ovcharov
no flags Details | Diff
binutils-CVE-2017-6966.patch (binutils-CVE-2017-6966.patch,7.75 KB, patch)
2017-06-07 13:35 UTC, Andrey Ovcharov
no flags Details | Diff
binutils-CVE-2017-6969.patch (binutils-CVE-2017-6969.patch,1.55 KB, patch)
2017-06-07 13:36 UTC, Andrey Ovcharov
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Andrey Ovcharov 2017-06-07 13:35:30 UTC
Created attachment 475460 [details, diff]
binutils-CVE-2017-6965.patch

sys-devel/binutils-2.28-r1: Multiple vulnerabilities CVE-2017-6965, CVE-2017-6966, CVE-2017-6969
Comment 1 Andrey Ovcharov 2017-06-07 13:35:57 UTC
Created attachment 475462 [details, diff]
binutils-CVE-2017-6966.patch
Comment 2 Andrey Ovcharov 2017-06-07 13:36:17 UTC
Created attachment 475464 [details, diff]
binutils-CVE-2017-6969.patch
Comment 4 Matthias Maier gentoo-dev 2017-06-07 14:48:57 UTC
commit 3e46392cbe2fa4b78c9d47f611c526e62dc88dac (HEAD -> master, origin/master, origin/HEAD)
Author: Matthias Maier <tamiko@gentoo.org>
Date:   Wed Jun 7 09:46:44 2017 -0500

    sys-devel/binutils: 2.28 - multiple security fixes, bug #621130
    
    CVE-2017-6969
      https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b814a36d3440de95f2ac6eaa4fc7935c322ea456
      https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=43a444f9c5bfd44b4304eafd78338e21d54bea14
    
    CVE-2017-6966
      https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f84ce13b6708801ca1d6289b7c4003e2f5a6d7f9
    
    CVE-2017-6965
      https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=03f7786e2f440b9892b1c34a58fb26222ce1b493
    
    [1] https://bugs.gentoo.org/show_bug.cgi?id=621130
    
    Package-Manager: Portage-2.3.6, Repoman-2.3.2
Comment 5 Matthias Maier gentoo-dev 2017-06-11 13:40:33 UTC
Arches, please test and mark stable

  sys-devel/binutils-2.28-r2
  sys-libs/binutils-libs-2.28-r1
Comment 6 Agostino Sarubbo gentoo-dev 2017-06-12 12:42:14 UTC
amd64 stable
Comment 7 Agostino Sarubbo gentoo-dev 2017-06-12 12:55:10 UTC
x86 stable
Comment 8 Agostino Sarubbo gentoo-dev 2017-06-13 12:35:24 UTC
ppc64 stable
Comment 9 Markus Meier gentoo-dev 2017-06-13 18:23:22 UTC
arm stable
Comment 10 Tobias Klausmann gentoo-dev 2017-06-20 15:02:59 UTC
Stable on alpha.
Comment 11 Agostino Sarubbo gentoo-dev 2017-06-21 12:03:31 UTC
ppc stable
Comment 12 Sergei Trofimovich gentoo-dev 2017-06-21 21:56:20 UTC
ia64 stable
Comment 13 Sergei Trofimovich gentoo-dev 2017-06-23 07:49:22 UTC
reverted ia64 back to ~ia64 as binutils-2.28-r2 fails to build gcc: bug #622500
Comment 14 Sergei Trofimovich gentoo-dev 2017-07-15 18:31:05 UTC
dropping ia64 as bug #622500 will require sys-devel/binutils recut
Comment 15 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-08-19 13:13:51 UTC
Arches please finish stabilizing hppa. 


Gentoo Security Padawan 
ChrisADR
Comment 17 Andreas K. Hüttel gentoo-dev 2017-09-15 18:59:21 UTC
All vulnerable versions are masked. No cleanup (toolchain package).
Comment 18 GLSAMaker/CVETool Bot gentoo-dev 2017-09-17 15:31:49 UTC
This issue was resolved and addressed in
 GLSA 201709-02 at https://security.gentoo.org/glsa/201709-02
by GLSA coordinator Aaron Bauman (b-man).