CVE-2021-20197 (https://sourceware.org/bugzilla/show_bug.cgi?id=26945): There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. CVE-2021-20284 (https://sourceware.org/bugzilla/show_bug.cgi?id=26931): A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability.
CVE-2021-3487: There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption. Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=26946 Patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=647cebce12a6b0a26960220caff96ff38978cf24
CVE-2021-20294: A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability.
> CVE-2021-20197 (https://sourceware.org/bugzilla/show_bug.cgi?id=26945): > > There is an open race window when writing output in the following utilities > in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When > these utilities are run as a privileged user (presumably as part of a script > updating binaries across different users), an unprivileged user can trick > these utilities into getting ownership of arbitrary files through a symlink. Fixed in Gentoo binutils-2.36.1-r1 > CVE-2021-20284 (https://sourceware.org/bugzilla/show_bug.cgi?id=26931): > > A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer > overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the > number of symbols not calculated correctly. The highest threat from this > vulnerability is to system availability. Fixed in Gentoo binutils-2.36.1-r1 > CVE-2021-3487: > > There's a flaw in the BFD library of binutils in versions before 2.36. An > attacker who supplies a crafted file to an application linked with BFD, and > using the DWARF functionality, could cause an impact to system availability > by way of excessive memory consumption. > > Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=26946 > Patch: > https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git; > h=647cebce12a6b0a26960220caff96ff38978cf24 Fixed in Gentoo binutils-2.36.1-r1 > CVE-2021-20294: > > A flaw was found in binutils readelf 2.35 program. An attacker who is able > to convince a victim using readelf to read a crafted file could trigger a > stack buffer overflow, out-of-bounds write of arbitrary data supplied by the > attacker. The highest impact of this flaw is to confidentiality, integrity, > and availability. https://sourceware.org/bugzilla/show_bug.cgi?id=26929 Fixed in Gentoo binutils-2.36.1-r1
Package list is empty or all packages have requested keywords.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d6d6f7b7b7209257f1a9f4760ca4e132e1571600 commit d6d6f7b7b7209257f1a9f4760ca4e132e1571600 Author: Andreas K. Hüttel <dilfridge@gentoo.org> AuthorDate: 2021-09-25 19:07:19 +0000 Commit: Andreas K. Hüttel <dilfridge@gentoo.org> CommitDate: 2021-09-25 19:21:19 +0000 package.mask: Update binutils mask to <2.36.1-r2 Bug: https://bugs.gentoo.org/778545 Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org> profiles/package.mask | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
Thanks dilfridge \o/
Toolchain out.
GLSA request filed
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=1d8cf0a3e06fbdd4dd76f179edfa141b674a0968 commit 1d8cf0a3e06fbdd4dd76f179edfa141b674a0968 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-08-14 21:47:19 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-08-14 21:48:21 +0000 [ GLSA 202208-30 ] GNU Binutils: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/778545 Bug: https://bugs.gentoo.org/792342 Bug: https://bugs.gentoo.org/829304 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Sam James <sam@gentoo.org> glsa-202208-30.xml | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+)
GLSA done, all done.
CVE-2020-19726 (https://sourceware.org/bugzilla/show_bug.cgi?id=26240): An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of service.
