Uploaded image for project: 'Funtoo Linux'
  1. Funtoo Linux
  2. FL-4714

security: Binutils: Multiple vulnerabilities — GLSA 201801-01

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Normal Normal
    • None
    • None
    • None

      https://security.gentoo.org/glsa/201801-01
      Multiple vulnerabilities have been found in Binutils, the worst of which may allow remote attackers to cause a Denial of Service condition.

      Affected Packages

      Package sys-devel/binutils on all architectures
      Affected versions < 2.29.1-r1
      Unaffected versions >= 2.29.1-r1

      Background

      The GNU Binutils are a collection of tools to create, modify and analyse binary files. Many of the files use BFD, the Binary File Descriptor library, to do low-level manipulation.

      Description

      Multiple vulnerabilities have been discovered in Binutils. Please review the referenced CVE identifiers for details.

      Impact

      A remote attacker, by enticing a user to compile/execute a specially crafted ELF, tekhex, PE, or binary file, could possibly cause a Denial of Service condition.

      Workaround

      There are no known workarounds at this time.

      Resolution

      All Binutils users should upgrade to the latest version:

      1. emerge --sync # emerge --ask --oneshot --verbose ">=sys-devel/binutils-2.29.1-r1"

        References

      • [ CVE-2017-12456 |https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12456]
      • [ CVE-2017-12799 |https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12799]
      • [ CVE-2017-12967 |https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12967]
      • [ CVE-2017-14128 |https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14128]
      • [ CVE-2017-14129 |https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14129]
      • [ CVE-2017-14130 |https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14130]
      • [ CVE-2017-14333 |https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14333]
      • [ CVE-2017-15023 |https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15023]
      • [ CVE-2017-15938 |https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15938]
      • [ CVE-2017-15939 |https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15939]
      • [ CVE-2017-15996 |https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15996]
      • [ CVE-2017-7209 |https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7209]
      • [ CVE-2017-7210 |https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7210]
      • [ CVE-2017-7223 |https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7223]
      • [ CVE-2017-7224 |https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7224]
      • [ CVE-2017-7225 |https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7225]
      • [ CVE-2017-7227 |https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7227]
      • [ CVE-2017-9743 |https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9743]
      • [ CVE-2017-9746 |https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9746]
      • [ CVE-2017-9749 |https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9749]
      • [ CVE-2017-9750 |https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9750]
      • [ CVE-2017-9751 |https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9751]
      • [ CVE-2017-9755 |https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9755]
      • [ CVE-2017-9756 |https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9756]

            oleg oleg
            palica Pavol Cupka
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: