Explore top 10 tips to secure your open-source projects now. Read More
×* bsc#1220490 * jsc#PED-10258 * jsc#PED-10751 Cross-References: . # Security update for gdb Announcement ID: SUSE-SU-2024:4413-1 Release Date: 2024-12-23T19:42:03Z Rating: moderate References: * bsc#1220490 * jsc#PED-10258 * jsc#PED-10751 Cross-References: * CVE-2022-4806 CVSS scores: * CVE-2022-4806 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2022-4806 ( NVD ): 8.2 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves one vulnerability and contains two features can now be installed. ## Description: This update for gdb fixes the following issues: Mention changes in GDB 14: * GDB now supports the AArch64 Scalable Matrix Extension 2 (SME2), which includes a new 512 bit lookup table register named ZT0. * GDB now supports the AArch64 Scalable Matrix Extension (SME), which includes a new matrix register named ZA, a new thread register TPIDR2 and a new vector length register SVG (streaming vector granule). GDB also supports tracking ZA state across signal frames. Some features are still under development or are dependent on ABI specs that are still in alpha stage. For example, manual function calls with ZA state don't have any special handling, and tracking of SVG changes based on DWARF information is still not implemented, but there are plans to do so in the future. * GDB now recognizes the NO_COLOR environmentvariable and disables styling according to the spec. See https://no-color.org/. Styling can be re-enabled with "set style enabled on". * The AArch64 'org.gnu.gdb.aarch64.pauth' Pointer Authentication feature string has been deprecated in favor of the 'org.gnu.gdb.aarch64.pauth_v2' feature string. * GDB now has some support for integer types larger than 64 bits. * Multi-target feature configuration. GDB now supports the individual configuration of remote targets' feature sets. Based on the current selection of a target, the commands 'set remote -packet (on|off|auto)' and 'show remote -packet' can be used to configure a target's feature packet and to display its configuration, respectively. * GDB has initial built-in support for the Debugger Adapter Protocol. * For the break command, multiple uses of the 'thread' or 'task' keywords will now give an error instead of just using the thread or task id from the last instance of the keyword. E.g.: break foo thread 1 thread 2 will now give an error rather than using 'thread 2'. * For the watch command, multiple uses of the 'task' keyword will now give an error instead of just using the task id from the last instance of the keyword. E.g.: watch my_var task 1 task 2 will now give an error rather than using 'task 2'. The 'thread' keyword already gave an error when used multiple times with the watch command, this remains unchanged. * The 'set print elements' setting now helps when printing large arrays. If an array would otherwise exceed max-value-size, but 'print elements' is set such that the size of elements to print is less than or equal to 'max-value- size', GDB will now still print the array, however only 'max-value-size' worth of data will be added into the value history. * For both the break and watch commands, it is now invalid to use both the 'thread' and 'task' keywords within the same command. For example the following commnds will now give an error: break foothread 1 task 1 watch var thread 2 task 3 * The printf command now accepts a '%V' output format which will format an expression just as the 'print' command would. Print options can be placed withing '[...]' after the '%V' to modify how the value is printed. E.g: printf "%V", some_array printf "%V[-array-indexes on]", some_array will print the array without, or with array indexes included, just as the array would be printed by the 'print' command. This functionality is also available for dprintf when dprintf-style is 'gdb'. * When the printf command requires a string to be fetched from the inferior, GDB now uses the existing 'max-value-size' setting to the limit the memory allocated within GDB. The default 'max-value-size' is 64k. To print longer strings you should increase 'max-value-size'. * The Ada 2022 Enum_Rep and Enum_Val attributes are now supported. * The Ada 2022 target name symbol ('@') is now supported by the Ada expression parser. * The 'list' command now accepts '.' as an argument, which tells GDB to print the location around the point of execution within the current frame. If the inferior hasn't started yet, the command will print around the beginning of the 'main' function. * Using the 'list' command with no arguments in a situation where the command would attempt to list past the end of the file now warns the user that the end of file has been reached, refers the user to the newly added '.' argument * Breakpoints can now be inferior-specific. This is similar to the existing thread-specific breakpoint support. Breakpoint conditions can include the 'inferior' keyword followed by an inferior id (as displayed in the 'info inferiors' output). It is invalid to use the 'inferior' keyword with either the 'thread' or 'task' keywords when creating a breakpoint. * New convenience function "$_shell", to execute a shell command and return the result. This lets you run shell commands in expressions. Someexamples: (gdb) p $_shell("true") $1 = 0 (gdb) p $_shell("false") $2 = 1 (gdb) break func if $_shell("some command") == 0 * New commands: * set debug breakpoint on|off show debug breakpoint Print additional debug messages about breakpoint insertion and removal. * maintenance print record-instruction [ N ] Print the recorded information for a given instruction. If N is not given prints how GDB would undo the last instruction executed. If N is negative, prints how GDB would undo the N-th previous instruction, and if N is positive, it prints how GDB will redo the N-th following instruction. * maintenance info frame-unwinders List the frame unwinders currently in effect, starting with the highest priority. * maintenance wait-for-index-cache Wait until all pending writes to the index cache have completed. * set always-read-ctf on|off show always-read-ctf When off, CTF is only read if DWARF is not present. When on, CTF is read regardless of whether DWARF is present. Off by default. * info main Get main symbol to identify entry point into program. * set tui mouse-events [on|off] show tui mouse-events When on (default), mouse clicks control the TUI and can be accessed by Python extensions. When off, mouse clicks are handled by the terminal, enabling terminal-native text selection. * MI changes: * MI version 1 has been removed. * mi now reports 'no-history' as a stop reason when hitting the end of the reverse execution history. * When creating a thread-specific breakpoint using the '-p' option, the -break-insert command would report the 'thread' field twice in the reply. The content of both fields was always identical. This has now been fixed; the 'thread' field will be reported just once for thread-specific breakpoints, or not at all for breakpoints without a thread restriction. The same is also true for the 'task' field of an Ada task-specific breakpoint. * It is no longer possible to create athread-specific breakpoint for a thread that doesn't exist using '-break-insert -p ID'. Creating breakpoints for non-existent threads is not allowed when using the CLI, that the MI allowed it was a long standing bug, which has now been fixed. * The '\--simple-values' argument to the '-stack-list-arguments','-stack-list- locals', '-stack-list-variables', and '-var-list-children' commands now takes reference types into account: that is, a value is now considered simple if it is neither an array, structure, or union, nor a reference to an array, structure, or union. (Previously all references were considered simple.) Support for this feature can be verified by using the '-list- features' command, which should contain "simple-values-ref-types". * The -break-insert command now accepts a '-g thread-group-id' option to allow for the creation of inferior-specific breakpoints. * The bkpt tuple, which appears in breakpoint-created notifications, and in the result of the -break-insert command can now include an optional 'inferior' field for both the main breakpoint, and each location, when the breakpoint is inferior-specific. * Python API: * gdb.ThreadExitedEvent added. Emits a ThreadEvent. * The gdb.unwinder.Unwinder.name attribute is now read-only. * The name argument passed to gdb.unwinder.Unwinder. **init** must now be of type 'str' otherwise a TypeError will be raised. * The gdb.unwinder.Unwinder.enabled attribute can now only accept values of type 'bool'. Changing this attribute will now invalidate GDB's frame-cache, which means GDB will need to rebuild its frame-cache when next required - either with, or without the particular unwinder, depending on how 'enabled' was changed. * New methods added to the gdb.PendingFrame class. These methods have the same behaviour as the corresponding methods on gdb.Frame. The new methods are: * gdb.PendingFrame.name: Return the name for the frame's function, or None. *gdb.PendingFrame.is_valid: Return True if the pending frame object is valid. * gdb.PendingFrame.pc: Return the $pc register value for this frame. * gdb.PendingFrame.language: Return a string containing the language for this frame, or None. * gdb.PendingFrame.find_sal: Return a gdb.Symtab_and_line object for the current location within the pending frame, or None. * gdb.PendingFrame.block: Return a gdb.Block for the current pending frame, or None. * gdb.PendingFrame.function: Return a gdb.Symbol for the current pending frame, or None. * The frame-id passed to gdb.PendingFrame.create_unwind_info can now use either an integer or a gdb.Value object for each of its 'sp', 'pc', and 'special' attributes. * A new class gdb.unwinder.FrameId has been added. Instances of this class are constructed with 'sp' (stack-pointer) and 'pc' (program-counter) values, and can be used as the frame-id when calling gdb.PendingFrame.create_unwind_info. * It is now no longer possible to sub-class the gdb.disassembler.DisassemblerResult type. * The Disassembler API from the gdb.disassembler module has been extended to include styling support: * The DisassemblerResult class can now be initialized with a list of parts. Each part represents part of the disassembled instruction along with the associated style information. This list of parts can be accessed with the new DisassemblerResult.parts property. * New constants gdb.disassembler.STYLE_* representing all the different styles part of an instruction might have. * New methods DisassembleInfo.text_part and DisassembleInfo.address_part which are used to create the new styled parts of a disassembled instruction. * Changes are backwards compatible, the older API can still be used to disassemble instructions without styling. * New function gdb.execute_mi(COMMAND, [ARG]...), that invokes a GDB/MI command and returns the output as a Python dictionary. * New function gdb.block_signals(). This returns a context managerthat blocks any signals that GDB needs to handle itself. * New class gdb.Thread. This is a subclass of threading.Thread that calls gdb.block_signals in its "start" method. * gdb.parse_and_eval now has a new "global_context" parameter. This can be used to request that the parse only examine global symbols. * gdb.Inferior now has a new "arguments" attribute. This holds the command- line arguments to the inferior, if known. * gdb.Inferior now has a new "main_name" attribute. This holds the name of the inferior's "main", if known. * gdb.Inferior now has new methods "clear_env", "set_env", and "unset_env". These can be used to modify the inferior's environment before it is started. * gdb.Value now has the 'assign' method. * gdb.Value now has the 'to_array' method. This converts an array-like Value to an array. * gdb.Progspace now has the new method "objfile_for_address". This returns the gdb.Objfile, if any, that covers a given address. * gdb.Breakpoint now has an "inferior" attribute. If the Breakpoint object is inferior specific then this attribute holds the inferior-id (an integer). If the Breakpoint object is not inferior specific, then this field contains None. This field can be written too. * gdb.Type now has the "is_array_like" and "is_string_like" methods. These reflect GDB's internal idea of whether a type might be array- or string- like, even if they do not have the corresponding type code. * gdb.ValuePrinter is a new class that can be used as the base class for the result of applying a pretty-printer. As a base class, it signals to gdb that the printer may implement new pretty-printer methods. * New attribute Progspace.symbol_file. This attribute holds the gdb.Objfile that corresponds to Progspace.filename (when Progspace.filename is not None), otherwise, this attribute is itself None. * New attribute Progspace.executable_filename. This attribute holds a string containing a file name set by the "exec-file" or"file" commands, or None if no executable file is set. This isn't the exact string passed by the user to these commands; the file name will have been partially resolved to an absolute file name. * A new executable_changed event registry is available. This event emits ExecutableChangedEvent objects, which have 'progspace' (a gdb.Progspace) and 'reload' (a Boolean) attributes. This event is emitted when gdb.Progspace.executable_filename changes. * New event registries gdb.events.new_progspace and gdb.events.free_progspace, these emit NewProgspaceEvent and FreeProgspaceEvent event types respectively. Both of these event types have a single 'progspace' attribute, which is the gdb.Progspace that is either being added to GDB, or removed from GDB. * gdb.LazyString now implements the **str** method. * New method gdb.Frame.static_link that returns the outer frame of a nested function frame. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP3 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-4413=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-4413=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-4413=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2024-4413=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-4413=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-4413=1 * SUSE Linux Enterprise Server 15 SP2 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-4413=1 ## Package List: * SUSE LinuxEnterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64) * gdb-debuginfo-14.2-150100.8.45.1 * gdbserver-14.2-150100.8.45.1 * gdbserver-debuginfo-14.2-150100.8.45.1 * gdb-14.2-150100.8.45.1 * gdb-debugsource-14.2-150100.8.45.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * gdb-debuginfo-14.2-150100.8.45.1 * gdbserver-14.2-150100.8.45.1 * gdbserver-debuginfo-14.2-150100.8.45.1 * gdb-14.2-150100.8.45.1 * gdb-debugsource-14.2-150100.8.45.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * gdb-debuginfo-14.2-150100.8.45.1 * gdbserver-14.2-150100.8.45.1 * gdbserver-debuginfo-14.2-150100.8.45.1 * gdb-14.2-150100.8.45.1 * gdb-debugsource-14.2-150100.8.45.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * gdb-debuginfo-14.2-150100.8.45.1 * gdbserver-14.2-150100.8.45.1 * gdbserver-debuginfo-14.2-150100.8.45.1 * gdb-14.2-150100.8.45.1 * gdb-debugsource-14.2-150100.8.45.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS (aarch64 x86_64) * gdb-debuginfo-14.2-150100.8.45.1 * gdbserver-14.2-150100.8.45.1 * gdbserver-debuginfo-14.2-150100.8.45.1 * gdb-14.2-150100.8.45.1 * gdb-debugsource-14.2-150100.8.45.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * gdb-debuginfo-14.2-150100.8.45.1 * gdbserver-14.2-150100.8.45.1 * gdbserver-debuginfo-14.2-150100.8.45.1 * gdb-14.2-150100.8.45.1 * gdb-debugsource-14.2-150100.8.45.1 * SUSE Linux Enterprise Server 15 SP2 LTSS (aarch64 ppc64le s390x x86_64) * gdb-debuginfo-14.2-150100.8.45.1 * gdbserver-14.2-150100.8.45.1 * gdbserver-debuginfo-14.2-150100.8.45.1 * gdb-14.2-150100.8.45.1 * gdb-debugsource-14.2-150100.8.45.1 ## References: * https://www.suse.com/security/cve/CVE-2022-4806.html * https://bugzilla.suse.com/show_bug.cgi?id=1220490 *https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FPED-10258&page_caps=&user_role= * https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FPED-10751&page_caps=&user_role= . GDB security patch for CVE-2022-4806, featuring enhancements and guidelines for installation.. gdb security update,SUSE Linux Enterprise,gdb moderate security advisory,security updates for SUSE. . Severity: Important. LinuxSecurity.com Team
An update that solves one vulnerability and contains two features can now be installed.. # Security update for gdb Announcement ID: SUSE-SU-2024:4414-1 Release Date: 2024-12-23T19:43:48Z Rating: moderate References: * bsc#1220490 * jsc#PED-10258 * jsc#PED-10751 Cross-References: * CVE-2022-4806 CVSS scores: * CVE-2022-4806 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2022-4806 ( NVD ): 8.2 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H Affected Products: * Development Tools Module 15-SP5 * Development Tools Module 15-SP6 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP4 LTSS * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves one vulnerability and contains two features can now be installed. ## Description: This update for gdb fixes the following issues: Mention changes in GDB 14: * GDB now supports the AArch64 Scalable Matrix Extension 2 (SME2), which includes a new 512 bit lookup table register named ZT0. * GDB now supports the AArch64 Scalable Matrix Extension (SME), which includes a new matrix register named ZA, a new thread register TPIDR2 and a new vector length register SVG (streaming vector granule). GDB also supports tracking ZAstate across signal frames. Some features are still under development or are dependent on ABI specs that are still in alpha stage. For example, manual function calls with ZA state don't have any special handling, and tracking of SVG changes based on DWARF information is still not implemented, but there are plans to do so in the future. * GDB now recognizes the NO_COLOR environment variable and disables styling according to the spec. See https://no-color.org/. Styling can be re-enabled with "set style enabled on". * The AArch64 'org.gnu.gdb.aarch64.pauth' Pointer Authentication feature string has been deprecated in favor of the 'org.gnu.gdb.aarch64.pauth_v2' feature string. * GDB now has some support for integer types larger than 64 bits. * Multi-target feature configuration. GDB now supports the individual configuration of remote targets' feature sets. Based on the current selection of a target, the commands 'set remote -packet (on|off|auto)' and 'show remote -packet' can be used to configure a target's feature packet and to display its configuration, respectively. * GDB has initial built-in support for the Debugger Adapter Protocol. * For the break command, multiple uses of the 'thread' or 'task' keywords will now give an error instead of just using the thread or task id from the last instance of the keyword. E.g.: break foo thread 1 thread 2 will now give an error rather than using 'thread 2'. * For the watch command, multiple uses of the 'task' keyword will now give an error instead of just using the task id from the last instance of the keyword. E.g.: watch my_var task 1 task 2 will now give an error rather than using 'task 2'. The 'thread' keyword already gave an error when used multiple times with the watch command, this remains unchanged. * The 'set print elements' setting now helps when printing large arrays. If an array would otherwise exceed max-value-size, but 'print elements' is set such that thesize of elements to print is less than or equal to 'max-value- size', GDB will now still print the array, however only 'max-value-size' worth of data will be added into the value history. * For both the break and watch commands, it is now invalid to use both the 'thread' and 'task' keywords within the same command. For example the following commnds will now give an error: break foo thread 1 task 1 watch var thread 2 task 3 * The printf command now accepts a '%V' output format which will format an expression just as the 'print' command would. Print options can be placed withing '[...]' after the '%V' to modify how the value is printed. E.g: printf "%V", some_array printf "%V[-array-indexes on]", some_array will print the array without, or with array indexes included, just as the array would be printed by the 'print' command. This functionality is also available for dprintf when dprintf-style is 'gdb'. * When the printf command requires a string to be fetched from the inferior, GDB now uses the existing 'max-value-size' setting to the limit the memory allocated within GDB. The default 'max-value-size' is 64k. To print longer strings you should increase 'max-value-size'. * The Ada 2022 Enum_Rep and Enum_Val attributes are now supported. * The Ada 2022 target name symbol ('@') is now supported by the Ada expression parser. * The 'list' command now accepts '.' as an argument, which tells GDB to print the location around the point of execution within the current frame. If the inferior hasn't started yet, the command will print around the beginning of the 'main' function. * Using the 'list' command with no arguments in a situation where the command would attempt to list past the end of the file now warns the user that the end of file has been reached, refers the user to the newly added '.' argument * Breakpoints can now be inferior-specific. This is similar to the existing thread-specific breakpoint support.Breakpoint conditions can include the 'inferior' keyword followed by an inferior id (as displayed in the 'info inferiors' output). It is invalid to use the 'inferior' keyword with either the 'thread' or 'task' keywords when creating a breakpoint. * New convenience function "$_shell", to execute a shell command and return the result. This lets you run shell commands in expressions. Some examples: (gdb) p $_shell("true") $1 = 0 (gdb) p $_shell("false") $2 = 1 (gdb) break func if $_shell("some command") == 0 * New commands: * set debug breakpoint on|off show debug breakpoint Print additional debug messages about breakpoint insertion and removal. * maintenance print record-instruction [ N ] Print the recorded information for a given instruction. If N is not given prints how GDB would undo the last instruction executed. If N is negative, prints how GDB would undo the N-th previous instruction, and if N is positive, it prints how GDB will redo the N-th following instruction. * maintenance info frame-unwinders List the frame unwinders currently in effect, starting with the highest priority. * maintenance wait-for-index-cache Wait until all pending writes to the index cache have completed. * set always-read-ctf on|off show always-read-ctf When off, CTF is only read if DWARF is not present. When on, CTF is read regardless of whether DWARF is present. Off by default. * info main Get main symbol to identify entry point into program. * set tui mouse-events [on|off] show tui mouse-events When on (default), mouse clicks control the TUI and can be accessed by Python extensions. When off, mouse clicks are handled by the terminal, enabling terminal-native text selection. * MI changes: * MI version 1 has been removed. * mi now reports 'no-history' as a stop reason when hitting the end of the reverse execution history. * When creating a thread-specific breakpoint using the '-p' option, the -break-insert command wouldreport the 'thread' field twice in the reply. The content of both fields was always identical. This has now been fixed; the 'thread' field will be reported just once for thread-specific breakpoints, or not at all for breakpoints without a thread restriction. The same is also true for the 'task' field of an Ada task-specific breakpoint. * It is no longer possible to create a thread-specific breakpoint for a thread that doesn't exist using '-break-insert -p ID'. Creating breakpoints for non-existent threads is not allowed when using the CLI, that the MI allowed it was a long standing bug, which has now been fixed. * The '\--simple-values' argument to the '-stack-list-arguments','-stack-list- locals', '-stack-list-variables', and '-var-list-children' commands now takes reference types into account: that is, a value is now considered simple if it is neither an array, structure, or union, nor a reference to an array, structure, or union. (Previously all references were considered simple.) Support for this feature can be verified by using the '-list- features' command, which should contain "simple-values-ref-types". * The -break-insert command now accepts a '-g thread-group-id' option to allow for the creation of inferior-specific breakpoints. * The bkpt tuple, which appears in breakpoint-created notifications, and in the result of the -break-insert command can now include an optional 'inferior' field for both the main breakpoint, and each location, when the breakpoint is inferior-specific. * Python API: * gdb.ThreadExitedEvent added. Emits a ThreadEvent. * The gdb.unwinder.Unwinder.name attribute is now read-only. * The name argument passed to gdb.unwinder.Unwinder. **init** must now be of type 'str' otherwise a TypeError will be raised. * The gdb.unwinder.Unwinder.enabled attribute can now only accept values of type 'bool'. Changing this attribute will now invalidate GDB's frame-cache, which means GDB will need to rebuild itsframe-cache when next required - either with, or without the particular unwinder, depending on how 'enabled' was changed. * New methods added to the gdb.PendingFrame class. These methods have the same behaviour as the corresponding methods on gdb.Frame. The new methods are: * gdb.PendingFrame.name: Return the name for the frame's function, or None. * gdb.PendingFrame.is_valid: Return True if the pending frame object is valid. * gdb.PendingFrame.pc: Return the $pc register value for this frame. * gdb.PendingFrame.language: Return a string containing the language for this frame, or None. * gdb.PendingFrame.find_sal: Return a gdb.Symtab_and_line object for the current location within the pending frame, or None. * gdb.PendingFrame.block: Return a gdb.Block for the current pending frame, or None. * gdb.PendingFrame.function: Return a gdb.Symbol for the current pending frame, or None. * The frame-id passed to gdb.PendingFrame.create_unwind_info can now use either an integer or a gdb.Value object for each of its 'sp', 'pc', and 'special' attributes. * A new class gdb.unwinder.FrameId has been added. Instances of this class are constructed with 'sp' (stack-pointer) and 'pc' (program-counter) values, and can be used as the frame-id when calling gdb.PendingFrame.create_unwind_info. * It is now no longer possible to sub-class the gdb.disassembler.DisassemblerResult type. * The Disassembler API from the gdb.disassembler module has been extended to include styling support: * The DisassemblerResult class can now be initialized with a list of parts. Each part represents part of the disassembled instruction along with the associated style information. This list of parts can be accessed with the new DisassemblerResult.parts property. * New constants gdb.disassembler.STYLE_* representing all the different styles part of an instruction might have. * New methods DisassembleInfo.text_part and DisassembleInfo.address_part which are used tocreate the new styled parts of a disassembled instruction. * Changes are backwards compatible, the older API can still be used to disassemble instructions without styling. * New function gdb.execute_mi(COMMAND, [ARG]...), that invokes a GDB/MI command and returns the output as a Python dictionary. * New function gdb.block_signals(). This returns a context manager that blocks any signals that GDB needs to handle itself. * New class gdb.Thread. This is a subclass of threading.Thread that calls gdb.block_signals in its "start" method. * gdb.parse_and_eval now has a new "global_context" parameter. This can be used to request that the parse only examine global symbols. * gdb.Inferior now has a new "arguments" attribute. This holds the command- line arguments to the inferior, if known. * gdb.Inferior now has a new "main_name" attribute. This holds the name of the inferior's "main", if known. * gdb.Inferior now has new methods "clear_env", "set_env", and "unset_env". These can be used to modify the inferior's environment before it is started. * gdb.Value now has the 'assign' method. * gdb.Value now has the 'to_array' method. This converts an array-like Value to an array. * gdb.Progspace now has the new method "objfile_for_address". This returns the gdb.Objfile, if any, that covers a given address. * gdb.Breakpoint now has an "inferior" attribute. If the Breakpoint object is inferior specific then this attribute holds the inferior-id (an integer). If the Breakpoint object is not inferior specific, then this field contains None. This field can be written too. * gdb.Type now has the "is_array_like" and "is_string_like" methods. These reflect GDB's internal idea of whether a type might be array- or string- like, even if they do not have the corresponding type code. * gdb.ValuePrinter is a new class that can be used as the base class for the result of applying a pretty-printer. As a base class, it signals to gdb that the printermay implement new pretty-printer methods. * New attribute Progspace.symbol_file. This attribute holds the gdb.Objfile that corresponds to Progspace.filename (when Progspace.filename is not None), otherwise, this attribute is itself None. * New attribute Progspace.executable_filename. This attribute holds a string containing a file name set by the "exec-file" or "file" commands, or None if no executable file is set. This isn't the exact string passed by the user to these commands; the file name will have been partially resolved to an absolute file name. * A new executable_changed event registry is available. This event emits ExecutableChangedEvent objects, which have 'progspace' (a gdb.Progspace) and 'reload' (a Boolean) attributes. This event is emitted when gdb.Progspace.executable_filename changes. * New event registries gdb.events.new_progspace and gdb.events.free_progspace, these emit NewProgspaceEvent and FreeProgspaceEvent event types respectively. Both of these event types have a single 'progspace' attribute, which is the gdb.Progspace that is either being added to GDB, or removed from GDB. * gdb.LazyString now implements the **str** method. * New method gdb.Frame.static_link that returns the outer frame of a nested function frame. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2024-4414=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2024-4414=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2024-4414=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-4414=1 * Development Tools Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2024-4414=1 * SUSE Linux Enterprise High Performance Computing ESPOS15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-4414=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-4414=1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-4414=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4414=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-4414=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * gdb-debugsource-14.2-150400.15.20.1 * gdb-debuginfo-14.2-150400.15.20.1 * gdbserver-14.2-150400.15.20.1 * gdb-14.2-150400.15.20.1 * gdbserver-debuginfo-14.2-150400.15.20.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586 nosrc) * gdb-testresults-14.2-150400.15.20.1 * openSUSE Leap 15.4 (aarch64_ilp32) * gdbserver-64bit-14.2-150400.15.20.1 * gdb-64bit-debuginfo-14.2-150400.15.20.1 * gdbserver-64bit-debuginfo-14.2-150400.15.20.1 * gdb-64bit-14.2-150400.15.20.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * gdb-debugsource-14.2-150400.15.20.1 * gdb-debuginfo-14.2-150400.15.20.1 * gdbserver-14.2-150400.15.20.1 * gdb-14.2-150400.15.20.1 * gdbserver-debuginfo-14.2-150400.15.20.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc) * gdb-testresults-14.2-150400.15.20.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * gdb-debugsource-14.2-150400.15.20.1 * gdb-debuginfo-14.2-150400.15.20.1 * gdbserver-14.2-150400.15.20.1 * gdb-14.2-150400.15.20.1 * gdbserver-debuginfo-14.2-150400.15.20.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 nosrc) * gdb-testresults-14.2-150400.15.20.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * gdb-debugsource-14.2-150400.15.20.1 * gdb-debuginfo-14.2-150400.15.20.1 *gdbserver-14.2-150400.15.20.1 * gdb-14.2-150400.15.20.1 * gdbserver-debuginfo-14.2-150400.15.20.1 * Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64) * gdb-debugsource-14.2-150400.15.20.1 * gdb-debuginfo-14.2-150400.15.20.1 * gdbserver-14.2-150400.15.20.1 * gdb-14.2-150400.15.20.1 * gdbserver-debuginfo-14.2-150400.15.20.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * gdb-debugsource-14.2-150400.15.20.1 * gdb-debuginfo-14.2-150400.15.20.1 * gdbserver-14.2-150400.15.20.1 * gdb-14.2-150400.15.20.1 * gdbserver-debuginfo-14.2-150400.15.20.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * gdb-debugsource-14.2-150400.15.20.1 * gdb-debuginfo-14.2-150400.15.20.1 * gdbserver-14.2-150400.15.20.1 * gdb-14.2-150400.15.20.1 * gdbserver-debuginfo-14.2-150400.15.20.1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS (x86_64) * gdb-debugsource-14.2-150400.15.20.1 * gdb-debuginfo-14.2-150400.15.20.1 * gdbserver-14.2-150400.15.20.1 * gdb-14.2-150400.15.20.1 * gdbserver-debuginfo-14.2-150400.15.20.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * gdb-debugsource-14.2-150400.15.20.1 * gdb-debuginfo-14.2-150400.15.20.1 * gdbserver-14.2-150400.15.20.1 * gdb-14.2-150400.15.20.1 * gdbserver-debuginfo-14.2-150400.15.20.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * gdb-debugsource-14.2-150400.15.20.1 * gdb-debuginfo-14.2-150400.15.20.1 * gdbserver-14.2-150400.15.20.1 * gdb-14.2-150400.15.20.1 * gdbserver-debuginfo-14.2-150400.15.20.1 ## References: * https://www.suse.com/security/cve/CVE-2022-4806.html * https://bugzilla.suse.com/show_bug.cgi?id=1220490 * https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FPED-10258&page_caps=&user_role= *https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FPED-10751&page_caps=&user_role= . Fedora enhances its kernel package in light of a recent security alert. These improvements involve minor-risk patches and additional capabilities. Keep your system safe!. gdb update, openSUSE security, advisory fix, Linux bug fix. . LinuxSecurity.com Team
* bsc#1220490 * jsc#PED-10258 * jsc#PED-10751 Cross-References: . # Security update for gdb Announcement ID: SUSE-SU-2024:4414-1 Release Date: 2024-12-23T19:43:48Z Rating: moderate References: * bsc#1220490 * jsc#PED-10258 * jsc#PED-10751 Cross-References: * CVE-2022-4806 CVSS scores: * CVE-2022-4806 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2022-4806 ( NVD ): 8.2 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H Affected Products: * Development Tools Module 15-SP5 * Development Tools Module 15-SP6 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP4 LTSS * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves one vulnerability and contains two features can now be installed. ## Description: This update for gdb fixes the following issues: Mention changes in GDB 14: * GDB now supports the AArch64 Scalable Matrix Extension 2 (SME2), which includes a new 512 bit lookup table register named ZT0. * GDB now supports the AArch64 Scalable Matrix Extension (SME), which includes a new matrix register named ZA, a new thread register TPIDR2 and a new vector length register SVG (streaming vector granule). GDB also supports tracking ZA state across signalframes. Some features are still under development or are dependent on ABI specs that are still in alpha stage. For example, manual function calls with ZA state don't have any special handling, and tracking of SVG changes based on DWARF information is still not implemented, but there are plans to do so in the future. * GDB now recognizes the NO_COLOR environment variable and disables styling according to the spec. See https://no-color.org/. Styling can be re-enabled with "set style enabled on". * The AArch64 'org.gnu.gdb.aarch64.pauth' Pointer Authentication feature string has been deprecated in favor of the 'org.gnu.gdb.aarch64.pauth_v2' feature string. * GDB now has some support for integer types larger than 64 bits. * Multi-target feature configuration. GDB now supports the individual configuration of remote targets' feature sets. Based on the current selection of a target, the commands 'set remote -packet (on|off|auto)' and 'show remote -packet' can be used to configure a target's feature packet and to display its configuration, respectively. * GDB has initial built-in support for the Debugger Adapter Protocol. * For the break command, multiple uses of the 'thread' or 'task' keywords will now give an error instead of just using the thread or task id from the last instance of the keyword. E.g.: break foo thread 1 thread 2 will now give an error rather than using 'thread 2'. * For the watch command, multiple uses of the 'task' keyword will now give an error instead of just using the task id from the last instance of the keyword. E.g.: watch my_var task 1 task 2 will now give an error rather than using 'task 2'. The 'thread' keyword already gave an error when used multiple times with the watch command, this remains unchanged. * The 'set print elements' setting now helps when printing large arrays. If an array would otherwise exceed max-value-size, but 'print elements' is set such that the size of elements toprint is less than or equal to 'max-value- size', GDB will now still print the array, however only 'max-value-size' worth of data will be added into the value history. * For both the break and watch commands, it is now invalid to use both the 'thread' and 'task' keywords within the same command. For example the following commnds will now give an error: break foo thread 1 task 1 watch var thread 2 task 3 * The printf command now accepts a '%V' output format which will format an expression just as the 'print' command would. Print options can be placed withing '[...]' after the '%V' to modify how the value is printed. E.g: printf "%V", some_array printf "%V[-array-indexes on]", some_array will print the array without, or with array indexes included, just as the array would be printed by the 'print' command. This functionality is also available for dprintf when dprintf-style is 'gdb'. * When the printf command requires a string to be fetched from the inferior, GDB now uses the existing 'max-value-size' setting to the limit the memory allocated within GDB. The default 'max-value-size' is 64k. To print longer strings you should increase 'max-value-size'. * The Ada 2022 Enum_Rep and Enum_Val attributes are now supported. * The Ada 2022 target name symbol ('@') is now supported by the Ada expression parser. * The 'list' command now accepts '.' as an argument, which tells GDB to print the location around the point of execution within the current frame. If the inferior hasn't started yet, the command will print around the beginning of the 'main' function. * Using the 'list' command with no arguments in a situation where the command would attempt to list past the end of the file now warns the user that the end of file has been reached, refers the user to the newly added '.' argument * Breakpoints can now be inferior-specific. This is similar to the existing thread-specific breakpoint support. Breakpoint conditions caninclude the 'inferior' keyword followed by an inferior id (as displayed in the 'info inferiors' output). It is invalid to use the 'inferior' keyword with either the 'thread' or 'task' keywords when creating a breakpoint. * New convenience function "$_shell", to execute a shell command and return the result. This lets you run shell commands in expressions. Some examples: (gdb) p $_shell("true") $1 = 0 (gdb) p $_shell("false") $2 = 1 (gdb) break func if $_shell("some command") == 0 * New commands: * set debug breakpoint on|off show debug breakpoint Print additional debug messages about breakpoint insertion and removal. * maintenance print record-instruction [ N ] Print the recorded information for a given instruction. If N is not given prints how GDB would undo the last instruction executed. If N is negative, prints how GDB would undo the N-th previous instruction, and if N is positive, it prints how GDB will redo the N-th following instruction. * maintenance info frame-unwinders List the frame unwinders currently in effect, starting with the highest priority. * maintenance wait-for-index-cache Wait until all pending writes to the index cache have completed. * set always-read-ctf on|off show always-read-ctf When off, CTF is only read if DWARF is not present. When on, CTF is read regardless of whether DWARF is present. Off by default. * info main Get main symbol to identify entry point into program. * set tui mouse-events [on|off] show tui mouse-events When on (default), mouse clicks control the TUI and can be accessed by Python extensions. When off, mouse clicks are handled by the terminal, enabling terminal-native text selection. * MI changes: * MI version 1 has been removed. * mi now reports 'no-history' as a stop reason when hitting the end of the reverse execution history. * When creating a thread-specific breakpoint using the '-p' option, the -break-insert command would report the 'thread' fieldtwice in the reply. The content of both fields was always identical. This has now been fixed; the 'thread' field will be reported just once for thread-specific breakpoints, or not at all for breakpoints without a thread restriction. The same is also true for the 'task' field of an Ada task-specific breakpoint. * It is no longer possible to create a thread-specific breakpoint for a thread that doesn't exist using '-break-insert -p ID'. Creating breakpoints for non-existent threads is not allowed when using the CLI, that the MI allowed it was a long standing bug, which has now been fixed. * The '\--simple-values' argument to the '-stack-list-arguments','-stack-list- locals', '-stack-list-variables', and '-var-list-children' commands now takes reference types into account: that is, a value is now considered simple if it is neither an array, structure, or union, nor a reference to an array, structure, or union. (Previously all references were considered simple.) Support for this feature can be verified by using the '-list- features' command, which should contain "simple-values-ref-types". * The -break-insert command now accepts a '-g thread-group-id' option to allow for the creation of inferior-specific breakpoints. * The bkpt tuple, which appears in breakpoint-created notifications, and in the result of the -break-insert command can now include an optional 'inferior' field for both the main breakpoint, and each location, when the breakpoint is inferior-specific. * Python API: * gdb.ThreadExitedEvent added. Emits a ThreadEvent. * The gdb.unwinder.Unwinder.name attribute is now read-only. * The name argument passed to gdb.unwinder.Unwinder. **init** must now be of type 'str' otherwise a TypeError will be raised. * The gdb.unwinder.Unwinder.enabled attribute can now only accept values of type 'bool'. Changing this attribute will now invalidate GDB's frame-cache, which means GDB will need to rebuild its frame-cache when nextrequired - either with, or without the particular unwinder, depending on how 'enabled' was changed. * New methods added to the gdb.PendingFrame class. These methods have the same behaviour as the corresponding methods on gdb.Frame. The new methods are: * gdb.PendingFrame.name: Return the name for the frame's function, or None. * gdb.PendingFrame.is_valid: Return True if the pending frame object is valid. * gdb.PendingFrame.pc: Return the $pc register value for this frame. * gdb.PendingFrame.language: Return a string containing the language for this frame, or None. * gdb.PendingFrame.find_sal: Return a gdb.Symtab_and_line object for the current location within the pending frame, or None. * gdb.PendingFrame.block: Return a gdb.Block for the current pending frame, or None. * gdb.PendingFrame.function: Return a gdb.Symbol for the current pending frame, or None. * The frame-id passed to gdb.PendingFrame.create_unwind_info can now use either an integer or a gdb.Value object for each of its 'sp', 'pc', and 'special' attributes. * A new class gdb.unwinder.FrameId has been added. Instances of this class are constructed with 'sp' (stack-pointer) and 'pc' (program-counter) values, and can be used as the frame-id when calling gdb.PendingFrame.create_unwind_info. * It is now no longer possible to sub-class the gdb.disassembler.DisassemblerResult type. * The Disassembler API from the gdb.disassembler module has been extended to include styling support: * The DisassemblerResult class can now be initialized with a list of parts. Each part represents part of the disassembled instruction along with the associated style information. This list of parts can be accessed with the new DisassemblerResult.parts property. * New constants gdb.disassembler.STYLE_* representing all the different styles part of an instruction might have. * New methods DisassembleInfo.text_part and DisassembleInfo.address_part which are used to create the new styled partsof a disassembled instruction. * Changes are backwards compatible, the older API can still be used to disassemble instructions without styling. * New function gdb.execute_mi(COMMAND, [ARG]...), that invokes a GDB/MI command and returns the output as a Python dictionary. * New function gdb.block_signals(). This returns a context manager that blocks any signals that GDB needs to handle itself. * New class gdb.Thread. This is a subclass of threading.Thread that calls gdb.block_signals in its "start" method. * gdb.parse_and_eval now has a new "global_context" parameter. This can be used to request that the parse only examine global symbols. * gdb.Inferior now has a new "arguments" attribute. This holds the command- line arguments to the inferior, if known. * gdb.Inferior now has a new "main_name" attribute. This holds the name of the inferior's "main", if known. * gdb.Inferior now has new methods "clear_env", "set_env", and "unset_env". These can be used to modify the inferior's environment before it is started. * gdb.Value now has the 'assign' method. * gdb.Value now has the 'to_array' method. This converts an array-like Value to an array. * gdb.Progspace now has the new method "objfile_for_address". This returns the gdb.Objfile, if any, that covers a given address. * gdb.Breakpoint now has an "inferior" attribute. If the Breakpoint object is inferior specific then this attribute holds the inferior-id (an integer). If the Breakpoint object is not inferior specific, then this field contains None. This field can be written too. * gdb.Type now has the "is_array_like" and "is_string_like" methods. These reflect GDB's internal idea of whether a type might be array- or string- like, even if they do not have the corresponding type code. * gdb.ValuePrinter is a new class that can be used as the base class for the result of applying a pretty-printer. As a base class, it signals to gdb that the printer may implement newpretty-printer methods. * New attribute Progspace.symbol_file. This attribute holds the gdb.Objfile that corresponds to Progspace.filename (when Progspace.filename is not None), otherwise, this attribute is itself None. * New attribute Progspace.executable_filename. This attribute holds a string containing a file name set by the "exec-file" or "file" commands, or None if no executable file is set. This isn't the exact string passed by the user to these commands; the file name will have been partially resolved to an absolute file name. * A new executable_changed event registry is available. This event emits ExecutableChangedEvent objects, which have 'progspace' (a gdb.Progspace) and 'reload' (a Boolean) attributes. This event is emitted when gdb.Progspace.executable_filename changes. * New event registries gdb.events.new_progspace and gdb.events.free_progspace, these emit NewProgspaceEvent and FreeProgspaceEvent event types respectively. Both of these event types have a single 'progspace' attribute, which is the gdb.Progspace that is either being added to GDB, or removed from GDB. * gdb.LazyString now implements the **str** method. * New method gdb.Frame.static_link that returns the outer frame of a nested function frame. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2024-4414=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2024-4414=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2024-4414=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-4414=1 * Development Tools Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2024-4414=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-4414=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-4414=1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-4414=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4414=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-4414=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * gdb-debugsource-14.2-150400.15.20.1 * gdb-debuginfo-14.2-150400.15.20.1 * gdbserver-14.2-150400.15.20.1 * gdb-14.2-150400.15.20.1 * gdbserver-debuginfo-14.2-150400.15.20.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586 nosrc) * gdb-testresults-14.2-150400.15.20.1 * openSUSE Leap 15.4 (aarch64_ilp32) * gdbserver-64bit-14.2-150400.15.20.1 * gdb-64bit-debuginfo-14.2-150400.15.20.1 * gdbserver-64bit-debuginfo-14.2-150400.15.20.1 * gdb-64bit-14.2-150400.15.20.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * gdb-debugsource-14.2-150400.15.20.1 * gdb-debuginfo-14.2-150400.15.20.1 * gdbserver-14.2-150400.15.20.1 * gdb-14.2-150400.15.20.1 * gdbserver-debuginfo-14.2-150400.15.20.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc) * gdb-testresults-14.2-150400.15.20.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * gdb-debugsource-14.2-150400.15.20.1 * gdb-debuginfo-14.2-150400.15.20.1 * gdbserver-14.2-150400.15.20.1 * gdb-14.2-150400.15.20.1 * gdbserver-debuginfo-14.2-150400.15.20.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 nosrc) * gdb-testresults-14.2-150400.15.20.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * gdb-debugsource-14.2-150400.15.20.1 * gdb-debuginfo-14.2-150400.15.20.1 * gdbserver-14.2-150400.15.20.1 * gdb-14.2-150400.15.20.1 * gdbserver-debuginfo-14.2-150400.15.20.1 * Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64) * gdb-debugsource-14.2-150400.15.20.1 * gdb-debuginfo-14.2-150400.15.20.1 * gdbserver-14.2-150400.15.20.1 * gdb-14.2-150400.15.20.1 * gdbserver-debuginfo-14.2-150400.15.20.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * gdb-debugsource-14.2-150400.15.20.1 * gdb-debuginfo-14.2-150400.15.20.1 * gdbserver-14.2-150400.15.20.1 * gdb-14.2-150400.15.20.1 * gdbserver-debuginfo-14.2-150400.15.20.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * gdb-debugsource-14.2-150400.15.20.1 * gdb-debuginfo-14.2-150400.15.20.1 * gdbserver-14.2-150400.15.20.1 * gdb-14.2-150400.15.20.1 * gdbserver-debuginfo-14.2-150400.15.20.1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS (x86_64) * gdb-debugsource-14.2-150400.15.20.1 * gdb-debuginfo-14.2-150400.15.20.1 * gdbserver-14.2-150400.15.20.1 * gdb-14.2-150400.15.20.1 * gdbserver-debuginfo-14.2-150400.15.20.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * gdb-debugsource-14.2-150400.15.20.1 * gdb-debuginfo-14.2-150400.15.20.1 * gdbserver-14.2-150400.15.20.1 * gdb-14.2-150400.15.20.1 * gdbserver-debuginfo-14.2-150400.15.20.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * gdb-debugsource-14.2-150400.15.20.1 * gdb-debuginfo-14.2-150400.15.20.1 * gdbserver-14.2-150400.15.20.1 * gdb-14.2-150400.15.20.1 * gdbserver-debuginfo-14.2-150400.15.20.1 ## References: * https://www.suse.com/security/cve/CVE-2022-4806.html * https://bugzilla.suse.com/show_bug.cgi?id=1220490 * https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FPED-10258&page_caps=&user_role= *https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FPED-10751&page_caps=&user_role= . Important SUSE enhancement for gdb addressing a significant security vulnerability. Comprehensive information and patch guidance provided.. gdb security update, SUSE patch, software vulnerabilities, Linux security advisory. . LinuxSecurity.com Team
An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. (CVE-2022-4285) A potential heap based buffer overflow was found in . MGASA-2024-0246 - Updated gdb packages fix security vulnerabilities Publication date: 01 Jul 2024 URL: https://advisories.mageia.org/MGASA-2024-0246.html Type: security Affected Mageia releases: 9 CVE: CVE-2022-4285, CVE-2023-1972, CVE-2023-39128, CVE-2023-39129, CVE-2023-39130 An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. (CVE-2022-4285) A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability. (CVE-2023-1972) GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c. (CVE-2023-39128) GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c. (CVE-2023-39129) GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c. (CVE-2023-39130) References: - https://bugs.mageia.org/show_bug.cgi?id=33319 - https://ubuntu.com/security/notices/USN-6842-1 - https://www.cve.org/CVERecord?id=CVE-2022-4285 - https://www.cve.org/CVERecord?id=CVE-2023-1972 - https://www.cve.org/CVERecord?id=CVE-2023-39128 - https://www.cve.org/CVERecord?id=CVE-2023-39129 - https://www.cve.org/CVERecord?id=CVE-2023-39130 SRPMS: - 9/core/gdb-12.1-7.1.mga9 . Recent updates to gdb packages resolve significant security concerns associated with vulnerabilities within Mageia. Prompt attention is recommended.. gdb security,Mageia securityadvisory,heap overflow,denial of service,memory issue. . LinuxSecurity.com Team
gdb could be made to crash if it opened a specially crafted file.. ========================================================================== Ubuntu Security Notice USN-6842-1 June 20, 2024 gdb vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: gdb could be made to crash if it opened a specially crafted file. Software Description: - gdb: GNU Debugger Details: It was discovered that gdb incorrectly handled certain memory operations when parsing an ELF file. An attacker could possibly use this issue to cause a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-4285) It was discovered that gdb incorrectly handled memory leading to a heap based buffer overflow. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-1972) It was discovered that gdb incorrectly handled memory leading to a stack overflow. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-39128) It was discovered that gdb had a use after free vulnerability under certain circumstances. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-39129) It was discovered that gdb incorrectly handled memory leading to a heap based buffer overflow. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-39130) Updateinstructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS gdb 12.1-0ubuntu1~22.04.2 gdbserver 12.1-0ubuntu1~22.04.2 Ubuntu 20.04 LTS gdb 9.2-0ubuntu1~20.04.2 gdbserver 9.2-0ubuntu1~20.04.2 Ubuntu 18.04 LTS gdb 8.1.1-0ubuntu1+esm1 Available with Ubuntu Pro gdbserver 8.1.1-0ubuntu1+esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS gdb 7.11.1-0ubuntu1~16.5+esm1 Available with Ubuntu Pro gdbserver 7.11.1-0ubuntu1~16.5+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6842-1 CVE-2022-4285, CVE-2023-1972, CVE-2023-39128, CVE-2023-39129, CVE-2023-39130 Package Information: https://launchpad.net/ubuntu/+source/gdb/12.1-0ubuntu1~22.04.2 https://launchpad.net/ubuntu/+source/gdb/9.2-0ubuntu1~20.04.2 . Recent enhancements for gdb have addressed significant vulnerabilities that could lead to system crashes and potential code execution issues across various Ubuntu iterations.. gdb Security Notice, Denial Of Service, Buffer Overflow, Stack Overflow, Ubuntu Updates. . Severity: Important. LinuxSecurity.com Team
* bsc#1068950 * bsc#1081527 * bsc#1211052 * jsc#PED-6584 . # Security update for gdb Announcement ID: SUSE-SU-2024:0898-1 Rating: moderate References: * bsc#1068950 * bsc#1081527 * bsc#1211052 * jsc#PED-6584 Cross-References: * CVE-2017-16829 * CVE-2018-7208 * CVE-2022-48064 CVSS scores: * CVE-2017-16829 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2017-16829 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2018-7208 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-7208 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-48064 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N * CVE-2022-48064 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves three vulnerabilities and contains one feature can now be installed. ## Description: This update for gdb fixes the following issues: * Drop libdebuginfod1 BuildRequires/Recommends. The former isn't needed because there's a build requirement on libdebuginfod-devel already, which will pull the shared library. And the latter, because it's bogus since RPM auto generated dependency will take care of that requirement. gdb was released in 13.2: * This version of GDB includes the following changes and enhancements: *Support for the following new targets has been added in both GDB and GDBserver: * GNU/Linux/LoongArch (gdbserver) loongarch*-*-linux* * GNU/Linux/CSKY (gdbserver) csky*-*linux* * The Windows native target now supports target async. * Floating-point support has now been added on LoongArch GNU/Linux. * New commands: * set print nibbles [on|off] * show print nibbles * This controls whether the 'print/t' command will display binary values in groups of four bits, known as "nibbles". The default is 'off'. Various styling-related commands. See the gdb/NEWS file for more details. Various maintenance commands. These are normally aimed at GDB experts or developers. See the gdb/NEWS file for more details. * Python API improvements: * New Python API for instruction disassembly. * The new attribute 'locations' of gdb.Breakpoint returns a list of gdb.BreakpointLocation objects specifying the locations where the breakpoint is inserted into the debuggee. * New Python type gdb.BreakpointLocation. * New function gdb.format_address(ADDRESS, PROGSPACE, ARCHITECTURE) that formats ADDRESS as 'address ' * New function gdb.current_language that returns the name of the current language. Unlike gdb.parameter('language'), this will never return 'auto'. * New function gdb.print_options that returns a dictionary of the prevailing print options, in the form accepted by gdb.Value.format_string. * New method gdb.Frame.language that returns the name of the frame's language. * gdb.Value.format_string now uses the format provided by 'print', if it is called during a 'print' or other similar operation. * gdb.Value.format_string now accepts the 'summary' keyword. This can be used to request a shorter representation of a value, the way that 'set print frame-arguments scalars' does. * The gdb.register_window_type method now restricts the set of acceptable window names. The first character of a window's name must start with a character in the set [a-zA-Z], every subsequent character of a window's name must be in the set[-_.a-zA-Z0-9]. * GDB/MI changes: * MI version 1 is deprecated, and will be removed in GDB 14. * The async record stating the stopped reason 'breakpoint-hit' now contains an optional field locno. * Miscellaneous improvements: * gdb now supports zstd compressed debug sections (ELFCOMPRESS_ZSTD) for ELF. * New convenience variable $_inferior_thread_count contains the number of live threads in the current inferior. * New convenience variables $_hit_bpnum and $_hit_locno, set to the breakpoint number and the breakpoint location number of the breakpoint last hit. * The "info breakpoints" now displays enabled breakpoint locations of disabled breakpoints as in the "y-" state. * The format of 'disassemble /r' and 'record instruction-history /r' has changed to match the layout of GNU objdump when disassembling. * A new format "/b" has been introduce to provide the old behavior of "/r". * The TUI no longer styles the source and assembly code highlighted by the current position indicator by default. You can however re-enable styling using the new "set style tui-current-position" command. * It is now possible to use the "document" command to document user-defined commands. * Support for memory tag data for AArch64 MTE. * Support Removal notices: * DBX mode has been removed. * Support for building against Python version 2 has been removed. It is now only possible to build GDB against Python 3. * Support for the following commands has been removed: * set debug aix-solib on|off * show debug aix-solib * set debug solib-frv on|off * show debug solib-frv * Use the "set/show debug solib" commands instead. See the NEWS file for a more complete and detailed list of what this release includes. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2024-898=1 * openSUSE Leap 15.5 zypper in -t patchopenSUSE-SLE-15.5-2024-898=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-898=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-898=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-898=1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-898=1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-898=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-898=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * gdb-debugsource-13.2-150400.15.14.1 * gdb-13.2-150400.15.14.1 * gdbserver-13.2-150400.15.14.1 * gdb-debuginfo-13.2-150400.15.14.1 * gdbserver-debuginfo-13.2-150400.15.14.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586 nosrc) * gdb-testresults-13.2-150400.15.14.4 * openSUSE Leap 15.4 (aarch64_ilp32) * gdb-64bit-debuginfo-13.2-150400.15.14.1 * gdbserver-64bit-13.2-150400.15.14.1 * gdbserver-64bit-debuginfo-13.2-150400.15.14.1 * gdb-64bit-13.2-150400.15.14.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * gdb-debugsource-13.2-150400.15.14.1 * gdb-13.2-150400.15.14.1 * gdbserver-13.2-150400.15.14.1 * gdb-debuginfo-13.2-150400.15.14.1 * gdbserver-debuginfo-13.2-150400.15.14.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc) * gdb-testresults-13.2-150400.15.14.4 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * gdb-debugsource-13.2-150400.15.14.1 * gdb-13.2-150400.15.14.1 * gdbserver-13.2-150400.15.14.1 * gdb-debuginfo-13.2-150400.15.14.1 * gdbserver-debuginfo-13.2-150400.15.14.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * gdb-debugsource-13.2-150400.15.14.1 * gdb-13.2-150400.15.14.1 *gdbserver-13.2-150400.15.14.1 * gdb-debuginfo-13.2-150400.15.14.1 * gdbserver-debuginfo-13.2-150400.15.14.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * gdb-debugsource-13.2-150400.15.14.1 * gdb-13.2-150400.15.14.1 * gdbserver-13.2-150400.15.14.1 * gdb-debuginfo-13.2-150400.15.14.1 * gdbserver-debuginfo-13.2-150400.15.14.1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64) * gdb-debugsource-13.2-150400.15.14.1 * gdb-13.2-150400.15.14.1 * gdbserver-13.2-150400.15.14.1 * gdb-debuginfo-13.2-150400.15.14.1 * gdbserver-debuginfo-13.2-150400.15.14.1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64) * gdb-debugsource-13.2-150400.15.14.1 * gdb-13.2-150400.15.14.1 * gdbserver-13.2-150400.15.14.1 * gdb-debuginfo-13.2-150400.15.14.1 * gdbserver-debuginfo-13.2-150400.15.14.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * gdb-debugsource-13.2-150400.15.14.1 * gdb-13.2-150400.15.14.1 * gdbserver-13.2-150400.15.14.1 * gdb-debuginfo-13.2-150400.15.14.1 * gdbserver-debuginfo-13.2-150400.15.14.1 ## References: * https://www.suse.com/security/cve/CVE-2017-16829.html * https://www.suse.com/security/cve/CVE-2018-7208.html * https://www.suse.com/security/cve/CVE-2022-48064.html * https://bugzilla.suse.com/show_bug.cgi?id=1068950 * https://bugzilla.suse.com/show_bug.cgi?id=1081527 * https://bugzilla.suse.com/show_bug.cgi?id=1211052 * . Canonical announces critical patch for snapd addressing multiple vulnerabilities with significant risk factors across diverse versions.. gdb security patch, SUSE Linux security, moderate update, Linux development tools. . LinuxSecurity.com Team
* bsc#1068950 * bsc#1081527 * bsc#1211052 * jsc#PED-6584 . # Security update for gdb Announcement ID: SUSE-SU-2024:0899-1 Rating: moderate References: * bsc#1068950 * bsc#1081527 * bsc#1211052 * jsc#PED-6584 Cross-References: * CVE-2017-16829 * CVE-2018-7208 * CVE-2022-48064 CVSS scores: * CVE-2017-16829 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2017-16829 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2018-7208 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-7208 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-48064 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N * CVE-2022-48064 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves three vulnerabilities and contains one feature can now be installed. ## Description: This update for gdb fixes the following issues: * Drop libdebuginfod1 BuildRequires/Recommends. The former isn't needed because there's a build requirement on libdebuginfod-devel already, which will pull the shared library. And the latter, because it's bogus since RPM auto generated dependency will take care of that requirement. gdb was released in 13.2: * This version of GDB includes the following changes and enhancements: * Support for the following new targets has been added in both GDB and GDBserver: * GNU/Linux/LoongArch (gdbserver)loongarch*-*-linux* * GNU/Linux/CSKY (gdbserver) csky*-*linux* * The Windows native target now supports target async. * Floating-point support has now been added on LoongArch GNU/Linux. * New commands: * set print nibbles [on|off] * show print nibbles * This controls whether the 'print/t' command will display binary values in groups of four bits, known as "nibbles". The default is 'off'. Various styling-related commands. See the gdb/NEWS file for more details. Various maintenance commands. These are normally aimed at GDB experts or developers. See the gdb/NEWS file for more details. * Python API improvements: * New Python API for instruction disassembly. * The new attribute 'locations' of gdb.Breakpoint returns a list of gdb.BreakpointLocation objects specifying the locations where the breakpoint is inserted into the debuggee. * New Python type gdb.BreakpointLocation. * New function gdb.format_address(ADDRESS, PROGSPACE, ARCHITECTURE) that formats ADDRESS as 'address ' * New function gdb.current_language that returns the name of the current language. Unlike gdb.parameter('language'), this will never return 'auto'. * New function gdb.print_options that returns a dictionary of the prevailing print options, in the form accepted by gdb.Value.format_string. * New method gdb.Frame.language that returns the name of the frame's language. * gdb.Value.format_string now uses the format provided by 'print', if it is called during a 'print' or other similar operation. * gdb.Value.format_string now accepts the 'summary' keyword. This can be used to request a shorter representation of a value, the way that 'set print frame-arguments scalars' does. * The gdb.register_window_type method now restricts the set of acceptable window names. The first character of a window's name must start with a character in the set [a-zA-Z], every subsequent character of a window's name must be in the set [-_.a-zA-Z0-9]. * GDB/MI changes: * MI version 1 is deprecated, and will be removed in GDB 14. * The async recordstating the stopped reason 'breakpoint-hit' now contains an optional field locno. * Miscellaneous improvements: * gdb now supports zstd compressed debug sections (ELFCOMPRESS_ZSTD) for ELF. * New convenience variable $_inferior_thread_count contains the number of live threads in the current inferior. * New convenience variables $_hit_bpnum and $_hit_locno, set to the breakpoint number and the breakpoint location number of the breakpoint last hit. * The "info breakpoints" now displays enabled breakpoint locations of disabled breakpoints as in the "y-" state. * The format of 'disassemble /r' and 'record instruction-history /r' has changed to match the layout of GNU objdump when disassembling. * A new format "/b" has been introduce to provide the old behavior of "/r". * The TUI no longer styles the source and assembly code highlighted by the current position indicator by default. You can however re-enable styling using the new "set style tui-current-position" command. * It is now possible to use the "document" command to document user-defined commands. * Support for memory tag data for AArch64 MTE. * Support Removal notices: * DBX mode has been removed. * Support for building against Python version 2 has been removed. It is now only possible to build GDB against Python 3. * Support for the following commands has been removed: * set debug aix-solib on|off * show debug aix-solib * set debug solib-frv on|off * show debug solib-frv * Use the "set/show debug solib" commands instead. See the NEWS file for a more complete and detailed list of what this release includes. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-899=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patchSUSE-SLE-Product-HPC-15-SP3-LTSS-2024-899=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-899=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-899=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-899=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-899=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2024-899=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * gdbserver-13.2-150100.8.39.1 * gdbserver-debuginfo-13.2-150100.8.39.1 * gdb-debuginfo-13.2-150100.8.39.1 * gdb-debugsource-13.2-150100.8.39.1 * gdb-13.2-150100.8.39.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * gdbserver-13.2-150100.8.39.1 * gdbserver-debuginfo-13.2-150100.8.39.1 * gdb-debuginfo-13.2-150100.8.39.1 * gdb-debugsource-13.2-150100.8.39.1 * gdb-13.2-150100.8.39.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * gdbserver-13.2-150100.8.39.1 * gdbserver-debuginfo-13.2-150100.8.39.1 * gdb-debuginfo-13.2-150100.8.39.1 * gdb-debugsource-13.2-150100.8.39.1 * gdb-13.2-150100.8.39.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * gdbserver-13.2-150100.8.39.1 * gdbserver-debuginfo-13.2-150100.8.39.1 * gdb-debuginfo-13.2-150100.8.39.1 * gdb-debugsource-13.2-150100.8.39.1 * gdb-13.2-150100.8.39.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * gdbserver-13.2-150100.8.39.1 * gdbserver-debuginfo-13.2-150100.8.39.1 * gdb-debuginfo-13.2-150100.8.39.1 * gdb-debugsource-13.2-150100.8.39.1 * gdb-13.2-150100.8.39.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * gdbserver-13.2-150100.8.39.1 *gdbserver-debuginfo-13.2-150100.8.39.1 * gdb-debuginfo-13.2-150100.8.39.1 * gdb-debugsource-13.2-150100.8.39.1 * gdb-13.2-150100.8.39.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * gdbserver-13.2-150100.8.39.1 * gdbserver-debuginfo-13.2-150100.8.39.1 * gdb-debuginfo-13.2-150100.8.39.1 * gdb-debugsource-13.2-150100.8.39.1 * gdb-13.2-150100.8.39.1 ## References: * https://www.suse.com/security/cve/CVE-2017-16829.html * https://www.suse.com/security/cve/CVE-2018-7208.html * https://www.suse.com/security/cve/CVE-2022-48064.html * https://bugzilla.suse.com/show_bug.cgi?id=1068950 * https://bugzilla.suse.com/show_bug.cgi?id=1081527 * https://bugzilla.suse.com/show_bug.cgi?id=1211052 * . Crucial SUSE patch enhances gdb safety by addressing identified flaws. Keep your system protected with timely updates.. SUSE Linux,gdb security,software update,patch management. . LinuxSecurity.com Team
libiberty: Heap/stack buffer overflow in the dlang_lname function in d-demangle.c (CVE-2021-3826) binutils: heap-based buffer overflow in bfd_getl32() when called by strip_main() in objcopy.c via a crafted file (CVE-2022-38533) . MGASA-2022-0425 - Updated binutils/gdb packages fix security vulnerability Publication date: 13 Nov 2022 URL: https://advisories.mageia.org/MGASA-2022-0425.html Type: security Affected Mageia releases: 8 CVE: CVE-2021-3826, CVE-2022-38533 libiberty: Heap/stack buffer overflow in the dlang_lname function in d-demangle.c (CVE-2021-3826) binutils: heap-based buffer overflow in bfd_getl32() when called by strip_main() in objcopy.c via a crafted file (CVE-2022-38533) References: - https://bugs.mageia.org/show_bug.cgi?id=31092 - https://lists.fedoraproject.org/archives/list/
Get the latest Linux and open source security news straight to your inbox.