Gentoo Archives: gentoo-announce

From: Aaron Bauman <bman@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201709-02 ] Binutils: Multiple vulnerabilities
Date: Sun, 17 Sep 2017 15:32:12
Message-Id: 2685971.sUtU90j0nf@localhost.localdomain
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201709-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Binutils: Multiple vulnerabilities
Date: September 17, 2017
Bugs: #618006, #618514, #618516, #618520, #618826, #621130,
      #624524, #624702
ID: 201709-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Binutils, the worst of
which may allow remote attackers to cause a Denial of Service
condition.

Background
==========

The GNU Binutils are a collection of tools to create, modify and
analyse binary files. Many of the files use BFD, the Binary File
Descriptor library, to do low-level manipulation.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  sys-devel/binutils         < 2.28.1                     >= 2.28.1

Description
===========

Multiple vulnerabilities have been discovered in Binutils. Please
review References for additional information.

Impact
======

A remote attacker, by enticing a user to compile/execute a specially
crafted ELF file, PE File, or binary file, could possibly cause a
Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Binutils users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-devel/binutils-2.28.1"

References
==========

[ 1 ] CVE-2017-6965
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6965
[ 2 ] CVE-2017-6966
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6966
[ 3 ] CVE-2017-6969
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6969
[ 4 ] CVE-2017-7614
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7614
[ 5 ] CVE-2017-8392
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8392
[ 6 ] CVE-2017-8393
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8393
[ 7 ] CVE-2017-8394
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8394
[ 8 ] CVE-2017-8395
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8395
[ 9 ] CVE-2017-8396
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8396
[ 10 ] CVE-2017-8397
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8397
[ 11 ] CVE-2017-8398
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8398
[ 12 ] CVE-2017-8421
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8421
[ 13 ] CVE-2017-9038
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9038
[ 14 ] CVE-2017-9039
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9039
[ 15 ] CVE-2017-9040
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9040
[ 16 ] CVE-2017-9041
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9041
[ 17 ] CVE-2017-9042
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9042
[ 18 ] CVE-2017-9742
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9742
[ 19 ] CVE-2017-9954
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9954

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201709-02

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature
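
Added example, not part of the Gentoo advisory: a shell check that flags every installed slot of sys-devel/binutils below the 2.28.1 threshold from the "Affected packages" table, since Binutils can be installed in several slots at once and the upgrade command adds a fixed version without removing old ones. The function names and the sample package list are constructed for illustration; the input format is assumed to be the `category/name-version` lines printed by `qlist -Iv` from app-portage/portage-utils.

```shell
# Added example: list installed sys-devel/binutils versions covered by GLSA 201709-02.
FIXED="2.28.1"   # first unaffected version, from the advisory's table

# ver_lt A B: succeeds when version A is lower than B.
# Assumption: versions are plain dotted numbers; a Gentoo "-rN" revision is
# stripped first, which cannot change the result against this threshold.
ver_lt() {
    a=${1%-r[0-9]*}
    b=${2%-r[0-9]*}
    awk -v a="$a" -v b="$b" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0   # missing component counts as 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1                              # equal is not lower
    }' </dev/null
}

# affected_versions: reads package atoms on stdin, prints the affected ones.
# The case pattern skips other packages such as sys-devel/binutils-config.
affected_versions() {
    while IFS= read -r atom; do
        case $atom in
            sys-devel/binutils-[0-9]*) ver=${atom#sys-devel/binutils-} ;;
            *) continue ;;
        esac
        if ver_lt "$ver" "$FIXED"; then
            printf '%s\n' "$atom"
        fi
    done
}

# Constructed sample of slotted installs (not output from a real host).
sample_installed() {
    cat <<'EOF'
sys-devel/binutils-2.26.1
sys-devel/binutils-2.28-r2
sys-devel/binutils-2.28.1
sys-devel/binutils-2.29.1-r1
sys-devel/binutils-config-5-r3
EOF
}

# On a Gentoo host: qlist -Iv sys-devel/binutils | affected_versions
sample_installed | affected_versions
```

Any atom this prints is an installed slot still below the fixed version and remains on disk until it is unmerged.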