Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Ubuntu 22.04 LTS USN-6842-1 Moderate: gdb Denial Of Service

ubuntu
Calendar Grey June 20, 2024
Scroller Ubuntu
Recent enhancements for gdb have addressed significant vulnerabilities that could lead to system crashes and potential code execution issues across various Ubuntu iterations.
gdb could be made to crash if it opened a specially crafted file.

Summary

gdb could be made to crash if it opened a specially crafted file.

Software Description:

- gdb: GNU Debugger

Details:

It was discovered that gdb incorrectly handled certain memory operations

when parsing an ELF file. An attacker could possibly use this issue

to cause a denial of service. This issue is the result of an

incomplete fix for CVE-2020-16599. This issue only affected

Ubuntu 22.04 LTS. (CVE-2022-4285)

It was discovered that gdb incorrectly handled memory leading

to a heap based buffer overflow. An attacker could use this

issue to cause a denial of service, or possibly execute

arbitrary code. This issue only affected Ubuntu 22.04 LTS.

(CVE-2023-1972)

It was discovered that gdb incorrectly handled memory leading

to a stack overflow. An attacker could possibly use this issue

to cause a denial of service. This issue only affected

Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.

(CVE-2023-39128)

It was discovered that gdb had a use after f...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
   gdb                             12.1-0ubuntu1~22.04.2
   gdbserver                       12.1-0ubuntu1~22.04.2

Ubuntu 20.04 LTS
   gdb                             9.2-0ubuntu1~20.04.2
   gdbserver                       9.2-0ubuntu1~20.04.2

Ubuntu 18.04 LTS
   gdb                             8.1.1-0ubuntu1+esm1
                                   Available with Ubuntu Pro
   gdbserver                       8.1.1-0ubuntu1+esm1
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS
   gdb                             7.11.1-0ubuntu1~16.5+esm1
                                   Available with Ubuntu Pro
   gdbserver                       7.11.1-0ubuntu1~16.5+esm1
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6842-1

CVE-2022-4285, CVE-2023-1972, CVE-2023-39128, CVE-2023-39129,

CVE-2023-39130

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6842-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.