Moving vulns here from bug 661154 which are fixed in 2.31.1-r4

> > > > > CVE-2018-13033 (https://nvd.nist.gov/vuln/detail/CVE-2018-13033):
> > > > > The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU
> > > > > Binutils 2.30, allows remote attackers to cause a denial of service
> > > > > (excessive memory allocation and application crash) via a crafted ELF file,
> > > > > as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc
> > > > > in libbfd.c. This can occur during execution of nm.
> > > >
> > > > https://sourceware.org/bugzilla/show_bug.cgi?id=23361
> > > > "fixed with commit 95a6d235661"
> > > > * fixed for >=sys-devel/binutils-2.31.1
> > > > * cherry-picked for gentoo/binutils-2.30 branch

> > > > > CVE-2018-10535 (https://nvd.nist.gov/vuln/detail/CVE-2018-10535):
> > > > > The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD)
> > > > > library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate
> > > > > the output_section pointer in the case of a symtab entry with a "SECTION"
> > > > > type that has a "0" value, which allows remote attackers to cause a denial
> > > > > of service (NULL pointer dereference and application crash) via a crafted
> > > > > file, as demonstrated by objcopy.
> > > >
> > > > Fixed in db0c309f4011ca94a4abc8458e27f3734dab92ac
> > > > * Fixed in >=sys-devel/binutils-2.31
> > > > * cherry-picked for the gentoo/binutils-2.30 branch

> > > > > CVE-2018-10534 (https://nvd.nist.gov/vuln/detail/CVE-2018-10534):
> > > > > The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the
> > > > > Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU
> > > > > Binutils 2.30, processes a negative Data Directory size with an unbounded
> > > > > loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so
> > > > > that the address exceeds its own memory region, resulting in an
> > > > > out-of-bounds memory write, as demonstrated by objcopy copying private info
> > > > > with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c.
> > > >
> > > > Fixed in aa4a8c2a2a67545e90c877162c53cc9de42dc8b4
> > > > * Fixed in >=sys-devel/binutils-2.31
> > > > * cherry-picked for the gentoo/binutils-2.30 branch

> > > > > CVE-2018-10373 (https://nvd.nist.gov/vuln/detail/CVE-2018-10373):
> > > > > concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka
> > > > > libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to
> > > > > cause a denial of service (NULL pointer dereference and application crash)
> > > > > via a crafted binary file, as demonstrated by nm-new.
> > > >
> > > > Fixed in 6327533b1fd29fa86f6bf34e61c332c010e3c689
> > > > * Fixed in >=sys-devel/binutils-2.31
> > > > * cherry-picked for the gentoo/binutils-2.30 branch

> > > > > CVE-2018-10372 (https://nvd.nist.gov/vuln/detail/CVE-2018-10372):
> > > > > process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers
> > > > > to cause a denial of service (heap-based buffer over-read and application
> > > > > crash) via a crafted binary file, as demonstrated by readelf.
> > > >
> > > > Fixed in 6aea08d9f3e3d6475a65454da488a0c51f5dc97d
> > > > * Fixed in >=sys-devel/binutils-2.31
> > > > * cherry-picked for the gentoo/binutils-2.30 branch
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=894e4f2719e94cdfbb639dbaffbcec1433d206bb

commit 894e4f2719e94cdfbb639dbaffbcec1433d206bb
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2019-04-28 23:58:37 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2019-04-28 23:58:37 +0000

    package.mask: Mask <sys-devel/binutils-2.31.1-r4 and friends

    Closes: https://bugs.gentoo.org/623566
    Bug: https://bugs.gentoo.org/676460
    Bug: https://bugs.gentoo.org/682702
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

 profiles/package.mask | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
All security-supported arches stabilized, all vulnerable ebuilds masked. No cleanup (toolchain). Security please proceed.
(In reply to Andreas K. Hüttel from comment #2)
> All security-supported arches stabilized, all vulnerable ebuilds masked.
> No cleanup (toolchain). Security please proceed.

Nothing to do for toolchain here anymore.
This issue was resolved and addressed in GLSA 201908-01 at https://security.gentoo.org/glsa/201908-01 by GLSA coordinator Aaron Bauman (b-man).