From: Aaron Bauman <bman@gentoo.org>
To: gentoo-announce@lists.gentoo.org
Message-ID: <5e66a82f-9166-1daf-52ca-fe6e6761e868@gentoo.org>
Subject: [ GLSA 201612-24 ] Binutils: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                         GLSA 201612-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                         https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Binutils: Multiple vulnerabilities
     Date: December 08, 2016
     Bugs: #526626
       ID: 201612-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities were found in Binutils, the worst of which may allow execution of arbitrary code.
Background
==========
The GNU Binutils are a collection of tools to create, modify and analyse binary files. Many of the files use BFD, the Binary File Descriptor library, to do low-level manipulation.
Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  sys-devel/binutils           < 2.25                       >= 2.25
Description
===========
Multiple vulnerabilities have been discovered in Binutils. Please review the CVE identifiers referenced below for details.
Impact
======
A remote attacker could entice a user to open a specially crafted file, possibly resulting in execution of arbitrary code with the privileges of the process, cause a Denial of Service condition, or overwrite arbitrary files.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Binutils users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-devel/binutils-2.25"
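To check a host against the affected range above, the following is an added example and not part of the advisory. It assumes GNU `sort -V` and that installed versions are listed one per line as `sys-devel/binutils-<version>`, the form `qlist -Iv` from portage-utils prints; the sample input is constructed. Binutils is slotted on Gentoo, so older versions can remain installed next to a fixed one.

```shell
#!/bin/sh
# Added example: flag installed sys-devel/binutils versions below the
# first unaffected version named in GLSA 201612-24.
FIXED="2.25"

# Return 0 (true) if Gentoo version $1 is lower than $FIXED.
is_vulnerable() {
    v=${1%-r[0-9]*}                 # drop the Gentoo revision suffix (-r1, ...)
    [ "$v" != "$FIXED" ] &&
        [ "$(printf '%s\n%s\n' "$v" "$FIXED" | sort -V | head -n1)" = "$v" ]
}

# Read "sys-devel/binutils-<version>" lines on stdin and print the
# vulnerable ones. Other packages (e.g. binutils-config) are skipped.
scan_installed() {
    while IFS= read -r atom; do
        case $atom in
            sys-devel/binutils-[0-9]*) ver=${atom#sys-devel/binutils-} ;;
            *) continue ;;
        esac
        if is_vulnerable "$ver"; then
            printf '%s\n' "$atom"
        fi
    done
}

# Constructed sample input, used when qlist is not available.
SAMPLE='sys-devel/binutils-2.24-r3
sys-devel/binutils-2.25.1-r1
sys-devel/binutils-config-5.1'

if command -v qlist >/dev/null 2>&1; then
    qlist -Iv sys-devel/binutils | scan_installed
else
    printf '%s\n' "$SAMPLE" | scan_installed
fi
```

Any line printed is an installed version still inside the vulnerable range.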
References
==========

[ 1 ] CVE-2014-8484
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8484
[ 2 ] CVE-2014-8485
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8485
[ 3 ] CVE-2014-8501
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8501
[ 4 ] CVE-2014-8502
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8502
[ 5 ] CVE-2014-8503
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8503
[ 6 ] CVE-2014-8504
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8504
[ 7 ] CVE-2014-8737
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8737
[ 8 ] CVE-2014-8738
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8738
Availability
============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201612-24
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
=======
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5