Gentoo Archives: gentoo-announce

From: Aaron Bauman <bman@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201908-01 ] Binutils: Multiple vulnerabilities
Date: Sat, 03 Aug 2019 11:39:03
Message-Id: 20190803112327.GA14781@bubba.lan

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201908-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Binutils: Multiple vulnerabilities
Date: August 03, 2019
Bugs: #672904, #672910, #674668, #682698, #682702
ID: 201908-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Binutils, the worst of
which may allow remote attackers to cause a Denial of Service
condition.

Background
==========

The GNU Binutils are a collection of tools to create, modify and
analyse binary files. Many of the files use BFD, the Binary File
Descriptor library, to do low-level manipulation.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  sys-devel/binutils          < 2.32-r1                  >= 2.32-r1

Description
===========

Multiple vulnerabilities have been discovered in Binutils. Please
review the referenced CVE identifiers for details.

Impact
======

A remote attacker, by enticing a user to compile/execute a specially
crafted ELF, object, PE, or binary file, could possibly cause a Denial
of Service condition or have other unspecified impacts.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Binutils users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-devel/binutils-2.32-r1"

References
==========

[  1 ] CVE-2018-10372
       https://nvd.nist.gov/vuln/detail/CVE-2018-10372
[  2 ] CVE-2018-10373
       https://nvd.nist.gov/vuln/detail/CVE-2018-10373
[  3 ] CVE-2018-10534
       https://nvd.nist.gov/vuln/detail/CVE-2018-10534
[  4 ] CVE-2018-10535
       https://nvd.nist.gov/vuln/detail/CVE-2018-10535
[  5 ] CVE-2018-12641
       https://nvd.nist.gov/vuln/detail/CVE-2018-12641
[  6 ] CVE-2018-12697
       https://nvd.nist.gov/vuln/detail/CVE-2018-12697
[  7 ] CVE-2018-12698
       https://nvd.nist.gov/vuln/detail/CVE-2018-12698
[  8 ] CVE-2018-12699
       https://nvd.nist.gov/vuln/detail/CVE-2018-12699
[  9 ] CVE-2018-12700
       https://nvd.nist.gov/vuln/detail/CVE-2018-12700
[ 10 ] CVE-2018-13033
       https://nvd.nist.gov/vuln/detail/CVE-2018-13033
[ 11 ] CVE-2018-19931
       https://nvd.nist.gov/vuln/detail/CVE-2018-19931
[ 12 ] CVE-2018-19932
       https://nvd.nist.gov/vuln/detail/CVE-2018-19932
[ 13 ] CVE-2018-20002
       https://nvd.nist.gov/vuln/detail/CVE-2018-20002
[ 14 ] CVE-2018-20651
       https://nvd.nist.gov/vuln/detail/CVE-2018-20651

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201908-01

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2019 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature
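
Added example (not part of the advisory or of Gentoo's tooling): a check of installed sys-devel/binutils versions against the "< 2.32-r1" boundary in the Affected packages table, useful because several versions can be installed side by side. It assumes the default Portage installed-package database under /var/db/pkg and uses a simplified version comparison (dotted numbers plus an optional -rN revision) written for this example; the sample directory names are constructed.

```python
import os
import re

FIXED = "2.32-r1"  # first unaffected version, from the advisory's table
VDB_DIR = "/var/db/pkg/sys-devel"  # assumed default Portage VDB location

# Constructed sample of VDB directory names (not taken from a real host).
SAMPLE = ["binutils-2.30-r4", "binutils-2.32", "binutils-2.32-r1",
          "binutils-2.33.1", "binutils-config-5.1-r1"]

_VERSION = re.compile(r"^(\d+(?:\.\d+)*)(?:-r(\d+))?$")


def parse(version):
    """Split '2.31.1-r6' into ((2, 31, 1), 6); a missing -rN means r0."""
    m = _VERSION.match(version)
    if m is None:
        # Suffixes such as _p1 or _rc2 are outside this simplified parser.
        raise ValueError(f"unsupported version syntax: {version!r}")
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2) or 0)


def is_vulnerable(version, fixed=FIXED):
    """True when version sorts below the first unaffected version."""
    return parse(version) < parse(fixed)


def audit(entries):
    """Map each installed sys-devel/binutils version to its vulnerable flag."""
    report = {}
    for name in entries:
        # Require a digit after the hyphen so binutils-config is skipped.
        m = re.match(r"^binutils-(\d.*)$", name)
        if m:
            report[m.group(1)] = is_vulnerable(m.group(1))
    return report


if __name__ == "__main__":
    entries = os.listdir(VDB_DIR) if os.path.isdir(VDB_DIR) else SAMPLE
    for version, vulnerable in sorted(audit(entries).items()):
        print(f"sys-devel/binutils-{version}:",
              "VULNERABLE, upgrade" if vulnerable else "unaffected")
```

Any version reported as vulnerable is covered by the emerge commands in the Resolution section.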