CVE-2022-38126 (https://sourceware.org/bugzilla/show_bug.cgi?id=29289): Assertion fail in the display_debug_names() function in binutils/dwarf.c may lead to program crash and denial of service.
CVE-2022-38127 (https://sourceware.org/bugzilla/show_bug.cgi?id=29290): A NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c may lead to program crash when parsing corrupt DWARF data.
Please cleanup
All affected ebuilds masked. No cleanup (toolchain).
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/data/glsa.git/commit/?id=14d1caba8122b70c39357e14ad41c672cd2cd81d
commit 14d1caba8122b70c39357e14ad41c672cd2cd81d
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-09-30 07:43:08 +0000
Commit: Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-09-30 07:44:23 +0000
    [ GLSA 202309-15 ] GNU Binutils: Multiple Vulnerabilities
    Bug: https://bugs.gentoo.org/866713
    Bug: https://bugs.gentoo.org/867937
    Bug: https://bugs.gentoo.org/903893
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>
 glsa-202309-15.xml | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)
CVE-2022-47007 (https://sourceware.org/bugzilla/show_bug.cgi?id=29254): An issue was discovered function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.
CVE-2022-47008 (https://sourceware.org/bugzilla/show_bug.cgi?id=29255%20): An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.
CVE-2022-47010 (https://sourceware.org/bugzilla/show_bug.cgi?id=29262): An issue was discovered function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.
CVE-2022-47011 (https://sourceware.org/bugzilla/show_bug.cgi?id=29261): An issue was discovered function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.
CVE-2022-35205 (https://sourceware.org/bugzilla/show_bug.cgi?id=29289): An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service.
CVE-2022-35206 (https://sourceware.org/bugzilla/show_bug.cgi?id=29290): Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function read_and_display_attr_value in file dwarf.c.
Fixed in 2.39.