Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

SUSE: 2019:2916-1 Moderate: gdb Buffer Overflow Security Update

suse
Calendar Grey November 7, 2019
Dist Suse Esm H88
SUSE Security Update: Security update for gdb ______________________________________________________
An update that solves one vulnerability and has two fixes is now available

Summary

This update for gdb fixes the following issues: Update to gdb 8.3.1: (jsc#ECO-368) Security issues fixed: - CVE-2019-1010180: Fixed a potential buffer overflow when loading ELF sections larger than the file. (bsc#1142772) Upgrade libipt from v2.0 to v2.0.1. - Enable librpm for version > librpm.so.3 [bsc#1145692]: * Allow any librpm.so.x * Add %build test to check for "zypper install " message - Copy gdbinit from fedora master @ 25caf28. Add gdbinit.without-python, and use it for --without=python. Rebase to 8.3 release (as in fedora 30 @ 1e222a3). * DWARF index cache: GDB can now automatically save indices of DWARF symbols on disk to speed up further loading of the same binaries. * Ada task switching is now supported on aarch64-elf targets when debugging a program using the Ravenscar Profile.

References

#1115034 #1142772 #1145692

Cross- CVE-2019-1010180

Affected Products:

SUSE OpenStack Cloud Crowbar 8

SUSE OpenStack Cloud 8

SUSE Linux Enterprise Software Development Kit 12-SP5

SUSE Linux Enterprise Software Development Kit 12-SP4

SUSE Linux Enterprise Server for SAP 12-SP3

SUSE Linux Enterprise Server 12-SP5

SUSE Linux Enterprise Server 12-SP4

SUSE Linux Enterprise Server 12-SP3-LTSS

SUSE Linux Enterprise Server 12-SP3-BCL

SUSE Linux Enterprise Desktop 12-SP4

SUSE Enterprise Storage 5

HPE Helion Openstack 8

https://www.suse.com/security/cve/CVE-2019-1010180.html

https://bugzilla.suse.com/1115034

https://bugzilla.suse.com/1142772

https://bugzilla.suse.com/1145692

Announcement ID: SUSE-SU-2019:2916-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.