[gentoo-announce] [ GLSA 202208-30 ] GNU Binutils: Multiple Vulnerabilities - gentoo-announce

From:	glsamaker@g.o
To:	gentoo-announce@l.g.o
Subject:	[gentoo-announce] [ GLSA 202208-30 ] GNU Binutils: Multiple Vulnerabilities
Date:	Sun, 14 Aug 2022 21:52:21
Message-Id:	`166051364355.12.17565287659963246442@7b72ab9f548d`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 202208-30

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                           https://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

 Severity: Normal

8

    Title: GNU Binutils: Multiple Vulnerabilities

9

     Date: August 14, 2022

10

     Bugs: #778545, #792342, #829304

11

       ID: 202208-30

12

13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

14

15

Synopsis

16

========

17

18

Multiple vulnerabilities have been discovered in Binutils, the worst of

19

which could result in denial of service.

20

21

Background

22

==========

23

24

The GNU Binutils are a collection of tools to create, modify and analyse

25

binary files. Many of the files use BFD, the Binary File Descriptor

26

library, to do low-level manipulation.

27

28

Affected packages

29

=================

30

31

    -------------------------------------------------------------------

32

     Package              /     Vulnerable     /            Unaffected

33

    -------------------------------------------------------------------

34

  1  sys-devel/binutils         < 2.38                        >= 2.38

35

  2  sys-libs/binutils-libs     < 2.38                        >= 2.38

36

37

Description

38

===========

39

40

Multiple vulnerabilities have been discovered in GNU Binutils. Please

41

review the CVE identifiers referenced below for details.

42

43

Impact

44

======

45

46

Please review the referenced CVE identifiers for details.

47

48

Workaround

49

==========

50

51

There is no known workaround at this time.

52

53

Resolution

54

==========

55

56

All Binutils users should upgrade to the latest version:

57

58

  # emerge --sync

59

  # emerge --ask --oneshot --verbose ">=sys-devel/binutils-2.38"

60

61

All Binutils library users should upgrade to the latest version:

62

63

  # emerge --sync

64

  # emerge --ask --oneshot --verbose ">=sys-libs/binutils-libs-2.38"

65

66

References

67

==========

68

69

[ 1 ] CVE-2021-3487

70

      https://nvd.nist.gov/vuln/detail/CVE-2021-3487

71

[ 2 ] CVE-2021-3530

72

      https://nvd.nist.gov/vuln/detail/CVE-2021-3530

73

[ 3 ] CVE-2021-3549

74

      https://nvd.nist.gov/vuln/detail/CVE-2021-3549

75

[ 4 ] CVE-2021-20197

76

      https://nvd.nist.gov/vuln/detail/CVE-2021-20197

77

[ 5 ] CVE-2021-20284

78

      https://nvd.nist.gov/vuln/detail/CVE-2021-20284

79

[ 6 ] CVE-2021-20294

80

      https://nvd.nist.gov/vuln/detail/CVE-2021-20294

81

[ 7 ] CVE-2021-45078

82

      https://nvd.nist.gov/vuln/detail/CVE-2021-45078

83

84

Availability

85

============

86

87

This GLSA and any updates to it are available for viewing at

88

the Gentoo Security Website:

89

90

 https://security.gentoo.org/glsa/202208-30

91

92

Concerns?

93

=========

94

95

Security is a primary focus of Gentoo Linux and ensuring the

96

confidentiality and security of our users' machines is of utmost

97

importance to us. Any security concerns should be addressed to

98

security@g.o or alternatively, you may file a bug at

99

https://bugs.gentoo.org.

100

101

License

102

=======

103

104

Copyright 2022 Gentoo Foundation, Inc; referenced text

105

belongs to its owner(s).

106

107

The contents of this document are licensed under the

108

Creative Commons - Attribution / Share Alike license.

109

110

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Archives: gentoo-announce

Attachments

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 202208-30
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	https://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: Normal
8	Title: GNU Binutils: Multiple Vulnerabilities
9	Date: August 14, 2022
10	Bugs: #778545, #792342, #829304
11	ID: 202208-30
12
13	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15	Synopsis
16	========
17
18	Multiple vulnerabilities have been discovered in Binutils, the worst of
19	which could result in denial of service.
20
21	Background
22	==========
23
24	The GNU Binutils are a collection of tools to create, modify and analyse
25	binary files. Many of the files use BFD, the Binary File Descriptor
26	library, to do low-level manipulation.
27
28	Affected packages
29	=================
30
31	-------------------------------------------------------------------
32	Package / Vulnerable / Unaffected
33	-------------------------------------------------------------------
34	1 sys-devel/binutils < 2.38 >= 2.38
35	2 sys-libs/binutils-libs < 2.38 >= 2.38
36
37	Description
38	===========
39
40	Multiple vulnerabilities have been discovered in GNU Binutils. Please
41	review the CVE identifiers referenced below for details.
42
43	Impact
44	======
45
46	Please review the referenced CVE identifiers for details.
47
48	Workaround
49	==========
50
51	There is no known workaround at this time.
52
53	Resolution
54	==========
55
56	All Binutils users should upgrade to the latest version:
57
58	# emerge --sync
59	# emerge --ask --oneshot --verbose ">=sys-devel/binutils-2.38"
60
61	All Binutils library users should upgrade to the latest version:
62
63	# emerge --sync
64	# emerge --ask --oneshot --verbose ">=sys-libs/binutils-libs-2.38"
65
66	References
67	==========
68
69	[ 1 ] CVE-2021-3487
70	https://nvd.nist.gov/vuln/detail/CVE-2021-3487
71	[ 2 ] CVE-2021-3530
72	https://nvd.nist.gov/vuln/detail/CVE-2021-3530
73	[ 3 ] CVE-2021-3549
74	https://nvd.nist.gov/vuln/detail/CVE-2021-3549
75	[ 4 ] CVE-2021-20197
76	https://nvd.nist.gov/vuln/detail/CVE-2021-20197
77	[ 5 ] CVE-2021-20284
78	https://nvd.nist.gov/vuln/detail/CVE-2021-20284
79	[ 6 ] CVE-2021-20294
80	https://nvd.nist.gov/vuln/detail/CVE-2021-20294
81	[ 7 ] CVE-2021-45078
82	https://nvd.nist.gov/vuln/detail/CVE-2021-45078
83
84	Availability
85	============
86
87	This GLSA and any updates to it are available for viewing at
88	the Gentoo Security Website:
89
90	https://security.gentoo.org/glsa/202208-30
91
92	Concerns?
93	=========
94
95	Security is a primary focus of Gentoo Linux and ensuring the
96	confidentiality and security of our users' machines is of utmost
97	importance to us. Any security concerns should be addressed to
98	security@g.o or alternatively, you may file a bug at
99	https://bugs.gentoo.org.
100
101	License
102	=======
103
104	Copyright 2022 Gentoo Foundation, Inc; referenced text
105	belongs to its owner(s).
106
107	The contents of this document are licensed under the
108	Creative Commons - Attribution / Share Alike license.
109
110	https://creativecommons.org/licenses/by-sa/2.5