Gentoo Archives: gentoo-announce

From: Aaron Bauman <bman@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201801-01 ] Binutils: Multiple vulnerabilities
Date: Sun, 07 Jan 2018 23:11:27
Message-Id: 6118073.bfMtxcifx5@localhost.localdomain
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201801-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Binutils: Multiple vulnerabilities
     Date: January 07, 2018
     Bugs: #624700, #627516, #628538, #629344, #629922, #631324,
           #632100, #632132, #632384, #632668, #633988, #635218,
           #635692, #635860, #635968
       ID: 201801-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Binutils, the worst of
which may allow remote attackers to cause a Denial of Service
condition.

Background
==========

The GNU Binutils are a collection of tools to create, modify and
analyse binary files. Many of the files use BFD, the Binary File
Descriptor library, to do low-level manipulation.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  sys-devel/binutils        < 2.29.1-r1               >= 2.29.1-r1

Description
===========

Multiple vulnerabilities have been discovered in Binutils. Please
review the referenced CVE identifiers for details.

Impact
======

A remote attacker, by enticing a user to compile/execute a specially
crafted ELF, tekhex, PE, or binary file, could possibly cause a Denial
of Service condition.

Workaround
==========

There are no known workarounds at this time.

Resolution
==========

All Binutils users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-devel/binutils-2.29.1-r1"

References
==========

[ 1 ] CVE-2017-12456
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12456
[ 2 ] CVE-2017-12799
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12799
[ 3 ] CVE-2017-12967
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12967
[ 4 ] CVE-2017-14128
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14128
[ 5 ] CVE-2017-14129
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14129
[ 6 ] CVE-2017-14130
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14130
[ 7 ] CVE-2017-14333
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14333
[ 8 ] CVE-2017-15023
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15023
[ 9 ] CVE-2017-15938

Attachments

File name MIME type
signature.asc application/pgp-signature
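
Added example, not part of the advisory or of Gentoo's tooling: a shell check that applies the "Affected packages" boundary (< 2.29.1-r1) to every sys-devel/binutils version recorded in the installed-package database, for use before and after the Resolution step. It assumes the database is at /var/db/pkg and that versions are numeric and dotted with an optional -rN revision; the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the advisory): classify installed
# sys-devel/binutils versions against GLSA 201801-01.
FIXED="2.29.1-r1"   # first unaffected version, taken from the advisory

# "2.29.1-r1" -> "2.29.1"
ver_base() { printf '%s\n' "${1%-r[0-9]*}"; }

# "2.29.1-r1" -> "1"; a version without a -rN suffix counts as -r0
ver_rev() {
    case "$1" in
        *-r[0-9]*) printf '%s\n' "${1##*-r}" ;;
        *) printf '0\n' ;;
    esac
}

# Succeeds when $1 sorts before $2. Assumption: the base version is purely
# numeric and dotted; Gentoo suffixes such as _p1 are not handled here.
ver_lt() {
    a=$(ver_base "$1"); b=$(ver_base "$2")
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case "$a" in *.*) a=${a#*.} ;; *) a= ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    [ "$(ver_rev "$1")" -lt "$(ver_rev "$2")" ]
}

# Walk the installed-package database (assumed default: /var/db/pkg).
# The glob binutils-[0-9]* skips sibling packages such as binutils-config.
scan_binutils() {
    vdb=${1:-/var/db/pkg}
    for dir in "$vdb"/sys-devel/binutils-[0-9]*; do
        [ -d "$dir" ] || continue
        v=${dir##*/binutils-}
        case "$(ver_base "$v")" in
            *[!0-9.]*) echo "UNKNOWN $v" ;;   # suffix outside the assumption
            *) if ver_lt "$v" "$FIXED"; then echo "VULNERABLE $v"
               else echo "OK $v"; fi ;;
        esac
    done
}

scan_binutils
```

Each installed version found is reported on its own line, so a host that still carries an older version next to the fixed one shows both.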