Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


SUSE Linux Server 12 SP5: 2024:0319-1 Moderate GDB Security Update

# Security update for gdb

Announcement ID: SUSE-SU-2024:0319-1
Rating: moderate

References:

* bsc#1068950
* bsc#1081527
* bsc#1211052
* jsc#PED-6584

Cross-References:

* CVE-2017-16829
* CVE-2018-7208
* CVE-2022-4806

CVSS scores:

* CVE-2017-16829 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2017-16829 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2018-7208 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2018-7208 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2022-4806 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2022-4806 ( NVD ): 8.2 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5

An update that solves three vulnerabilities and contains one feature can now be installed.

## Description:

This update for gdb fixes the following issues:

* Drop libdebuginfod1 BuildRequires/Recommends. The former isn't needed because there's a build requirement on libdebuginfod-devel already, which will pull the shared library. And the latter, because it's bogus since RPM auto generated dependency will take care of that requirement.

gdb was released in 13.2:

* This version of GDB includes the following changes and enhancements:
  * Support for the following new targets has been added in both GDB and GDBserver:
    * GNU/Linux/LoongArch (gdbserver) loongarch*-*-linux*
    * GNU/Linux/CSKY (gdbserver) csky*-*linux*
  * The Windows native target now supports target async.
  * Floating-point support has now been added on LoongArch GNU/Linux.
  * New commands:
    * set print nibbles [on|off]
    * show print nibbles
    * This controls whether the 'print/t' command will display binary values in groups of four bits, known as "nibbles". The default is 'off'. Various styling-related commands. See the gdb/NEWS file for more details. Various maintenance commands. These are normally aimed at GDB experts or developers. See the gdb/NEWS file for more details.
  * Python API improvements:
    * New Python API for instruction disassembly.
    * The new attribute 'locations' of gdb.Breakpoint returns a list of gdb.BreakpointLocation objects specifying the locations where the breakpoint is inserted into the debuggee.
    * New Python type gdb.BreakpointLocation.
    * New function gdb.format_address(ADDRESS, PROGSPACE, ARCHITECTURE) that formats ADDRESS as 'address '
    * New function gdb.current_language that returns the name of the current language. Unlike gdb.parameter('language'), this will never return 'auto'.
    * New function gdb.print_options that returns a dictionary of the prevailing print options, in the form accepted by gdb.Value.format_string.
    * New method gdb.Frame.language that returns the name of the frame's language.
    * gdb.Value.format_string now uses the format provided by 'print', if it is called during a 'print' or other similar operation.
    * gdb.Value.format_string now accepts the 'summary' keyword. This can be used to request a shorter representation of a value, the way that 'set print frame-arguments scalars' does.
    * The gdb.register_window_type method now restricts the set of acceptable window names. The first character of a window's name must start with a character in the set [a-zA-Z], every subsequent character of a window's name must be in the set [-_.a-zA-Z0-9].
  * GDB/MI changes:
    * MI version 1 is deprecated, and will be removed in GDB 14.
    * The async record stating the stopped reason 'breakpoint-hit' now contains an optional field locno.
  * Miscellaneous improvements:
    * gdb now supports zstd compressed debug sections (ELFCOMPRESS_ZSTD) for ELF.
    * New convenience variable $_inferior_thread_count contains the number of live threads in the current inferior.
    * New convenience variables $_hit_bpnum and $_hit_locno, set to the breakpoint number and the breakpoint location number of the breakpoint last hit.
    * The "info breakpoints" now displays enabled breakpoint locations of disabled breakpoints as in the "y-" state.
    * The format of 'disassemble /r' and 'record instruction-history /r' has changed to match the layout of GNU objdump when disassembling.
    * A new format "/b" has been introduce to provide the old behavior of "/r".
    * The TUI no longer styles the source and assembly code highlighted by the current position indicator by default. You can however re-enable styling using the new "set style tui-current-position" command.
    * It is now possible to use the "document" command to document user-defined commands.
    * Support for memory tag data for AArch64 MTE.
  * Support Removal notices:
    * DBX mode has been removed.
    * Support for building against Python version 2 has been removed. It is now only possible to build GDB against Python 3.
    * Support for the following commands has been removed:
      * set debug aix-solib on|off
      * show debug aix-solib
      * set debug solib-frv on|off
      * show debug solib-frv
    * Use the "set/show debug solib" commands instead.

See the NEWS file for a more complete and detailed list of what this release includes.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2024-319=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-319=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-319=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-319=1

## Package List:

* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * gdbserver-debuginfo-13.2-2.23.1
  * gdbserver-13.2-2.23.1
  * gdb-debuginfo-13.2-2.23.1
  * gdb-debugsource-13.2-2.23.1
* SUSE Linux Enterprise Software Development Kit 12 SP5 (s390x)
  * gdbserver-debuginfo-32bit-13.2-2.23.1
  * gdbserver-32bit-13.2-2.23.1
  * gdb-debuginfo-32bit-13.2-2.23.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * gdb-debuginfo-13.2-2.23.1
  * gdb-13.2-2.23.1
  * gdb-debugsource-13.2-2.23.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * gdb-debuginfo-13.2-2.23.1
  * gdb-13.2-2.23.1
  * gdb-debugsource-13.2-2.23.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * gdb-debuginfo-13.2-2.23.1
  * gdb-13.2-2.23.1
  * gdb-debugsource-13.2-2.23.1

## References:

* https://www.suse.com/security/cve/CVE-2017-16829.html
* https://www.suse.com/security/cve/CVE-2018-7208.html
* https://www.suse.com/security/cve/CVE-2022-4806.html
* https://bugzilla.suse.com/show_bug.cgi?id=1068950
* https://bugzilla.suse.com/show_bug.cgi?id=1081527
* https://bugzilla.suse.com/show_bug.cgi?id=1211052

LinuxSecurity.com Team

Feb 02, 2024 SuSE

Red Hat Enterprise Linux 6 RHSA-2013:0522-02 Moderate: GDB Security Fix

Updated gdb packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score,

Red Hat Security Advisory

Synopsis: Moderate: gdb security and bug fix update
Advisory ID: RHSA-2013:0522-02
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2013:0522.html
Issue date: 2013-02-21
CVE Names: CVE-2011-4355

1. Summary:

Updated gdb packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

The GNU Debugger (GDB) allows debugging of programs written in C, C++, Java, and other languages by executing them in a controlled fashion and then printing out their data.

GDB tried to auto-load certain files (such as GDB scripts, Python scripts, and a thread debugging library) from the current working directory when debugging programs. This could result in the execution of arbitrary code with the user's privileges when GDB was run in a directory that has untrusted content. (CVE-2011-4355)

With this update, GDB no longer auto-loads files from the current directory and only trusts certain system directories by default. The list of trusted directories can be viewed and modified using the "show auto-load safe-path" and "set auto-load safe-path" GDB commands. Refer to the GDB manual, linked to in the References, for further information.

This update also fixes the following bugs:

* When a struct member was at an offset greater than 256 MB, the resulting bit position within the struct overflowed and caused an invalid memory access by GDB. With this update, the code has been modified to ensure that GDB can access such positions. (BZ#795424)

* When a thread list of the core file became corrupted, GDB did not print this list but displayed the "Cannot find new threads: generic error" error message instead. With this update, GDB has been modified and it now prints the thread list of the core file as expected. (BZ#811648)

* GDB did not properly handle debugging of multiple binaries with the same build ID. This update modifies GDB to use symbolic links created for particular binaries so that debugging of binaries that share a build ID now proceeds as expected. Debugging of live programs and core files is now more user-friendly. (BZ#836966)

All users of gdb are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

703238 - CVE-2011-4355 gdb: object file .debug_gdb_scripts section improper input validation
811648 - Cannot find new threads: generic error
836966 - Backport gdb fix to handle identical binaries via additional build-id symlinks

6. Package List:

Red Hat Enterprise Linux Desktop (v.6):

Source:

i386:
gdb-7.2-60.el6.i686.rpm
gdb-debuginfo-7.2-60.el6.i686.rpm
gdb-gdbserver-7.2-60.el6.i686.rpm

x86_64:
gdb-7.2-60.el6.x86_64.rpm
gdb-debuginfo-7.2-60.el6.x86_64.rpm
gdb-gdbserver-7.2-60.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:

x86_64:
gdb-7.2-60.el6.x86_64.rpm
gdb-debuginfo-7.2-60.el6.x86_64.rpm
gdb-gdbserver-7.2-60.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:

i386:
gdb-7.2-60.el6.i686.rpm
gdb-debuginfo-7.2-60.el6.i686.rpm
gdb-gdbserver-7.2-60.el6.i686.rpm

ppc64:
gdb-7.2-60.el6.ppc64.rpm
gdb-debuginfo-7.2-60.el6.ppc64.rpm
gdb-gdbserver-7.2-60.el6.ppc64.rpm

s390x:
gdb-7.2-60.el6.s390x.rpm
gdb-debuginfo-7.2-60.el6.s390x.rpm
gdb-gdbserver-7.2-60.el6.s390x.rpm

x86_64:
gdb-7.2-60.el6.x86_64.rpm
gdb-debuginfo-7.2-60.el6.x86_64.rpm
gdb-gdbserver-7.2-60.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:

i386:
gdb-7.2-60.el6.i686.rpm
gdb-debuginfo-7.2-60.el6.i686.rpm
gdb-gdbserver-7.2-60.el6.i686.rpm

x86_64:
gdb-7.2-60.el6.x86_64.rpm
gdb-debuginfo-7.2-60.el6.x86_64.rpm
gdb-gdbserver-7.2-60.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://access.redhat.com/security/cve/CVE-2011-4355
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

--
Enterprise-watch-list mailing list

LinuxSecurity.com Team

Feb 21, 2013 Red Hat

Scientific Linux SL3: CVE-2006-4146 Low Severity GDB Buffer Overflow

Low: gdb security and bug fix update.

Date: Fri, 15 Jun 2007 17:33:06 -0500
Reply-To: Troy Dawson
Sender: Security Errata for Scientific Linux
From: Troy Dawson
Subject: Security ERRATA for on SL3,x i386/x86_64

Synopsis: Low: gdb security and bug fix update
Issue date: 2007-06-11
CVE Names: CVE-2006-4146

Various buffer overflows and underflows were found in the DWARF expression computation stack in GDB. If an attacker could trick a user into loading an executable containing malicious debugging information into GDB, they may be able to execute arbitrary code with the privileges of the user. (CVE-2006-4146)

SL 3.0.x

SRPMS:
gdb-6.3.0.0-1.138.el3.src.rpm

i386:
gdb-6.3.0.0-1.138.el3.i386.rpm
gdb-6.3.0.0-1.138.el3.x86_64.rpm

x86_64:
gdb-6.3.0.0-1.138.el3.i386.rpm

-Connie Sieh
-Troy Dawson

Severity: Low.
LinuxSecurity.com Team

Jun 15, 2007 Low Scientific Linux

Red Hat Enterprise Linux 3 RHSA-2007:0469-01 Low: GDB Buffer Overflow

An updated gdb package that fixes a security issue and various bugs is now available. Various buffer overflows and underflows were found in the DWARF expression computation stack in GDB. If an attacker could trick a user into loading an executable containing malicious debugging information into GDB, they may be able to execute arbitrary code with the privileges of the user. This update has been rated as having low security impact by the Red Hat Security Response Team.

Red Hat Security Advisory

Synopsis: Low: gdb security and bug fix update
Advisory ID: RHSA-2007:0469-01
Advisory URL: https://access.redhat.com/errata/RHSA-2007:0469.html
Issue date: 2007-06-07
Updated on: 2007-06-11
Product: Red Hat Enterprise Linux
Keywords: stack buffer overflow dwarf
CVE Names: CVE-2006-4146

1. Summary:

An updated gdb package that fixes a security issue and various bugs is now available.

This update has been rated as having low security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

GDB, the GNU debugger, allows debugging of programs written in C, C++, and other languages by executing them in a controlled fashion and then printing their data.

Various buffer overflows and underflows were found in the DWARF expression computation stack in GDB. If an attacker could trick a user into loading an executable containing malicious debugging information into GDB, they may be able to execute arbitrary code with the privileges of the user. (CVE-2006-4146)

This updated package also addresses the following issues:

* Support on 64-bit hosts shared libraries debuginfo larger than 2GB.

* Fix a race occasionally leaving the detached processes stopped.

* Fix segmentation fault on the source display by ^X 1.

* Fix a crash on an opaque type dereference.

All users of gdb should upgrade to this updated package, which contains backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

135488 - gdb internal error with incomplete type
189607 - pstack can cause process to suspend
203875 - CVE-2006-4146 GDB buffer overflow

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
gdb-6.3.0.0-1.138.el3.src.rpm

i386:
gdb-6.3.0.0-1.138.el3.i386.rpm
gdb-debuginfo-6.3.0.0-1.138.el3.i386.rpm

ia64:
gdb-6.3.0.0-1.138.el3.i386.rpm
gdb-6.3.0.0-1.138.el3.ia64.rpm
gdb-debuginfo-6.3.0.0-1.138.el3.i386.rpm
gdb-debuginfo-6.3.0.0-1.138.el3.ia64.rpm

ppc:
gdb-6.3.0.0-1.138.el3.ppc.rpm
gdb-6.3.0.0-1.138.el3.ppc64.rpm
gdb-debuginfo-6.3.0.0-1.138.el3.ppc.rpm
gdb-debuginfo-6.3.0.0-1.138.el3.ppc64.rpm

s390:
gdb-6.3.0.0-1.138.el3.s390.rpm
gdb-debuginfo-6.3.0.0-1.138.el3.s390.rpm

s390x:
gdb-6.3.0.0-1.138.el3.s390.rpm
gdb-6.3.0.0-1.138.el3.s390x.rpm
gdb-debuginfo-6.3.0.0-1.138.el3.s390.rpm
gdb-debuginfo-6.3.0.0-1.138.el3.s390x.rpm

x86_64:
gdb-6.3.0.0-1.138.el3.i386.rpm
gdb-6.3.0.0-1.138.el3.x86_64.rpm
gdb-debuginfo-6.3.0.0-1.138.el3.i386.rpm
gdb-debuginfo-6.3.0.0-1.138.el3.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
gdb-6.3.0.0-1.138.el3.src.rpm

i386:
gdb-6.3.0.0-1.138.el3.i386.rpm
gdb-debuginfo-6.3.0.0-1.138.el3.i386.rpm

x86_64:
gdb-6.3.0.0-1.138.el3.i386.rpm
gdb-6.3.0.0-1.138.el3.x86_64.rpm
gdb-debuginfo-6.3.0.0-1.138.el3.i386.rpm
gdb-debuginfo-6.3.0.0-1.138.el3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
gdb-6.3.0.0-1.138.el3.src.rpm

i386:
gdb-6.3.0.0-1.138.el3.i386.rpm
gdb-debuginfo-6.3.0.0-1.138.el3.i386.rpm

ia64:
gdb-6.3.0.0-1.138.el3.i386.rpm
gdb-6.3.0.0-1.138.el3.ia64.rpm
gdb-debuginfo-6.3.0.0-1.138.el3.i386.rpm
gdb-debuginfo-6.3.0.0-1.138.el3.ia64.rpm

x86_64:
gdb-6.3.0.0-1.138.el3.i386.rpm
gdb-6.3.0.0-1.138.el3.x86_64.rpm
gdb-debuginfo-6.3.0.0-1.138.el3.i386.rpm
gdb-debuginfo-6.3.0.0-1.138.el3.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
gdb-6.3.0.0-1.138.el3.src.rpm

i386:
gdb-6.3.0.0-1.138.el3.i386.rpm
gdb-debuginfo-6.3.0.0-1.138.el3.i386.rpm

ia64:
gdb-6.3.0.0-1.138.el3.i386.rpm
gdb-6.3.0.0-1.138.el3.ia64.rpm
gdb-debuginfo-6.3.0.0-1.138.el3.i386.rpm
gdb-debuginfo-6.3.0.0-1.138.el3.ia64.rpm

x86_64:
gdb-6.3.0.0-1.138.el3.i386.rpm
gdb-6.3.0.0-1.138.el3.x86_64.rpm
gdb-debuginfo-6.3.0.0-1.138.el3.i386.rpm
gdb-debuginfo-6.3.0.0-1.138.el3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://www.cve.org/CVERecord?id=CVE-2006-4146
https://access.redhat.com/security/updates/classification#low

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.

Severity: Low.
LinuxSecurity.com Team

Jun 11, 2007 Low Red Hat

Red Hat: RHSA-2005:709-01 Low: GDB Command Execution Risk

An updated gdb package that fixes several bugs and minor security issues is now available.

Red Hat Security Advisory

Synopsis: Low: gdb security update
Advisory ID: RHSA-2005:709-01
Advisory URL: https://access.redhat.com/errata/RHSA-2005:709.html
Issue date: 2005-10-05
Updated on: 2005-10-05
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-1704 CAN-2005-1705

1. Summary:

An updated gdb package that fixes several bugs and minor security issues is now available.

This update has been rated as having low security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

GDB, the GNU debugger, allows debugging of programs written in C, C++, and other languages by executing them in a controlled fashion, then printing their data.

Several integer overflow bugs were found in gdb. If a user is tricked into processing a specially crafted executable file, it may allow the execution of arbitrary code as the user running gdb. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1704 to this issue.

A bug was found in the way gdb loads .gdbinit files. When a user executes gdb, the local directory is searched for a .gdbinit file which is then loaded. It is possible for a local user to execute arbitrary commands as the victim running gdb by placing a malicious .gdbinit file in a location where gdb may be run. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1705 to this issue.

This updated package also addresses the following issues:

- GDB on ia64 had previously implemented a bug fix to work-around a kernel problem when creating a core file via gcore. The bug fix caused a significant slow-down of gcore.

- GDB on ia64 issued an extraneous warning when gcore was used.

- GDB on ia64 could not backtrace over a sigaltstack.

- GDB on ia64 could not successfully do an info frame for a signal trampoline.

- GDB on AMD64 and Intel EM64T had problems attaching to a 32-bit process.

- GDB on AMD64 and Intel EM64T was not properly handling threaded watchpoints.

- GDB could not build with gcc4 when -Werror flag was set.

- GDB had problems printing inherited members of C++ classes.

- A few updates from mainline sources concerning Dwarf2 partial die in cache support, follow-fork support, interrupted syscall support, and DW_OP_piece read support.

All users of gdb should upgrade to this updated package, which resolves these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10

5. Bug IDs fixed (http://bugzilla.redhat.com/):

158680 - CAN-2005-1704 Integer overflow in gdb
158684 - CAN-2005-1705 gdb arbitrary command execution
160339 - GDB fails to correctly report frame information

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
gdb-6.3.0.0-1.63.src.rpm

i386:
gdb-6.3.0.0-1.63.i386.rpm

ia64:
gdb-6.3.0.0-1.63.i386.rpm
gdb-6.3.0.0-1.63.ia64.rpm

ppc:
gdb-6.3.0.0-1.63.ppc64.rpm

s390:
gdb-6.3.0.0-1.63.s390.rpm

s390x:
gdb-6.3.0.0-1.63.s390x.rpm

x86_64:
gdb-6.3.0.0-1.63.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
gdb-6.3.0.0-1.63.src.rpm

i386:
gdb-6.3.0.0-1.63.i386.rpm

x86_64:
gdb-6.3.0.0-1.63.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
gdb-6.3.0.0-1.63.src.rpm

i386:
gdb-6.3.0.0-1.63.i386.rpm

ia64:
gdb-6.3.0.0-1.63.i386.rpm
gdb-6.3.0.0-1.63.ia64.rpm

x86_64:
gdb-6.3.0.0-1.63.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
gdb-6.3.0.0-1.63.src.rpm

i386:
gdb-6.3.0.0-1.63.i386.rpm

ia64:
gdb-6.3.0.0-1.63.i386.rpm
gdb-6.3.0.0-1.63.ia64.rpm

x86_64:
gdb-6.3.0.0-1.63.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.cve.org/CVERecord?id=CAN-2005-1704
https://www.cve.org/CVERecord?id=CAN-2005-1705

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2005 Red Hat, Inc.

Severity: Low.
LinuxSecurity.com Team

Oct 05, 2005 Low Red Hat