Gentoo Archives: gentoo-announce

From: John Helmert III <ajak@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202107-24 ] Binutils: Multiple vulnerabilities
Date: Sat, 10 Jul 2021 03:18:48
Message-Id: YOkPMRbGliQd6ALj@sol.nexus.lan
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                          GLSA 202107-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                          https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Binutils: Multiple vulnerabilities
     Date: July 10, 2021
     Bugs: #678806, #761957, #764170
       ID: 202107-24

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Binutils, the worst of
which could result in a Denial of Service condition.

Background
==========

The GNU Binutils are a collection of tools to create, modify and
analyse binary files. Many of the files use BFD, the Binary File
Descriptor library, to do low-level manipulation.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  sys-devel/binutils          < 2.35.2                    >= 2.35.2

Description
===========

Multiple vulnerabilities have been discovered in Binutils. Please
review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Binutils users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-devel/binutils-2.35.2"

References
==========

[ 1 ] CVE-2019-9070
      https://nvd.nist.gov/vuln/detail/CVE-2019-9070
[ 2 ] CVE-2019-9071
      https://nvd.nist.gov/vuln/detail/CVE-2019-9071
[ 3 ] CVE-2019-9072
      https://nvd.nist.gov/vuln/detail/CVE-2019-9072
[ 4 ] CVE-2019-9073
      https://nvd.nist.gov/vuln/detail/CVE-2019-9073
[ 5 ] CVE-2019-9074
      https://nvd.nist.gov/vuln/detail/CVE-2019-9074
[ 6 ] CVE-2019-9075
      https://nvd.nist.gov/vuln/detail/CVE-2019-9075
[ 7 ] CVE-2019-9076
      https://nvd.nist.gov/vuln/detail/CVE-2019-9076
[ 8 ] CVE-2019-9077
      https://nvd.nist.gov/vuln/detail/CVE-2019-9077
[ 9 ] CVE-2020-19599
      https://nvd.nist.gov/vuln/detail/CVE-2020-19599
[ 10 ] CVE-2020-35448
       https://nvd.nist.gov/vuln/detail/CVE-2020-35448
[ 11 ] CVE-2020-35493
       https://nvd.nist.gov/vuln/detail/CVE-2020-35493
[ 12 ] CVE-2020-35494
       https://nvd.nist.gov/vuln/detail/CVE-2020-35494
[ 13 ] CVE-2020-35495
       https://nvd.nist.gov/vuln/detail/CVE-2020-35495
[ 14 ] CVE-2020-35496
       https://nvd.nist.gov/vuln/detail/CVE-2020-35496
[ 15 ] CVE-2020-35507
       https://nvd.nist.gov/vuln/detail/CVE-2020-35507

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202107-24

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2021 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature
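
Added example, not part of the advisory or of Gentoo's tooling: a shell check that lists every installed sys-devel/binutils version still inside the vulnerable range (< 2.35.2) from the "Affected packages" table, which is useful after the upgrade because Gentoo can keep several binutils versions installed side by side. It assumes input in the "category/name-version" form that `qlist -Iv` (app-portage/portage-utils) prints, and plain numeric versions with an optional -rN revision; the function names and the sample atoms are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of GLSA 202107-24.
# Reads installed package atoms ("category/name-version", one per line, the
# format `qlist -Iv` prints) and lists every sys-devel/binutils version that
# is below the first unaffected version named in the advisory.

FIXED="2.35.2"   # from the advisory: vulnerable < 2.35.2, unaffected >= 2.35.2

# version_lt A B: true when A sorts strictly before B (uses `sort -V`).
version_lt() {
    if [ "$1" = "$2" ]; then
        return 1
    fi
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$1" ]
}

# vulnerable_binutils: atoms on stdin, vulnerable binutils atoms on stdout.
vulnerable_binutils() {
    while IFS= read -r atom; do
        case "$atom" in
            sys-devel/binutils-[0-9]*) ;;   # skips e.g. sys-devel/binutils-config
            *) continue ;;
        esac
        ver=${atom#sys-devel/binutils-}
        base=${ver%-r[0-9]*}                # drop the Gentoo -rN revision
        if version_lt "$base" "$FIXED"; then
            printf '%s\n' "$atom"
        fi
    done
}

# Constructed sample input (not output from a real system).
vulnerable_binutils <<'EOF'
sys-devel/binutils-2.34-r2
sys-devel/binutils-2.35.2
sys-devel/binutils-config-5.4
sys-devel/binutils-2.36.1-r1
EOF
```

On a real system the same function can be fed with `qlist -Iv sys-devel/binutils | vulnerable_binutils`; empty output means no installed version is below 2.35.2.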