LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: April 21st, 2014
Linux Security Week: April 7th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
RedHat: Low: gdb security update Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
RedHat Linux An updated gdb package that fixes several bugs and minor security issues is now available.
- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Low: gdb security update
Advisory ID:       RHSA-2005:709-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-709.html
Issue date:        2005-10-05
Updated on:        2005-10-05
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-1704 CAN-2005-1705
- ---------------------------------------------------------------------

1. Summary:

An updated gdb package that fixes several bugs and minor security issues is
now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

GDB, the GNU debugger, allows debugging of programs written in C, C++,
and other languages by executing them in a controlled fashion, then
printing their data.

Several integer overflow bugs were found in gdb. If a user is tricked
into processing a specially crafted executable file, it may allow the
execution of arbitrary code as the user running gdb. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-1704 to this issue.

A bug was found in the way gdb loads .gdbinit files. When a user executes
gdb, the local directory is searched for a .gdbinit file which is then
loaded. It is possible for a local user to execute arbitrary commands as
the victim running gdb by placing a malicious .gdbinit file in a location
where gdb may be run. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-1705 to this issue.

This updated package also addresses the following issues:

- - GDB on ia64 had previously implemented a bug fix to work-around a kernel
problem when creating a core file via gcore.  The bug fix caused a
significant slow-down of gcore.

- - GDB on ia64 issued an extraneous warning when gcore was used.

- - GDB on ia64 could not backtrace over a sigaltstack.

- - GDB on ia64 could not successfully do an info frame for a signal trampoline.

- - GDB on AMD64 and Intel EM64T had problems attaching to a 32-bit process.

- - GDB on AMD64 and Intel EM64T was not properly handling threaded watchpoints.

- - GDB could not build with gcc4 when -Werror flag was set.

- - GDB had problems printing inherited members of C++ classes.

- - A few updates from mainline sources concerning Dwarf2 partial die in
cache support, follow-fork support, interrupted syscall support, and
DW_OP_piece read support.

All users of gdb should upgrade to this updated package, which resolves
these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

158680 - CAN-2005-1704 Integer overflow in gdb
158684 - CAN-2005-1705 gdb arbitrary command execution
160339 - GDB fails to correctly report frame information


6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/gdb-6.3.0.0-1.63.src.rpm
a5415cbe08fdb27c05eaff709734e6f5  gdb-6.3.0.0-1.63.src.rpm

i386:
345dd8705bf465cd80e161e7cc96ac72  gdb-6.3.0.0-1.63.i386.rpm

ia64:
345dd8705bf465cd80e161e7cc96ac72  gdb-6.3.0.0-1.63.i386.rpm
eeee08a208c4b8cb238657d1f13d319b  gdb-6.3.0.0-1.63.ia64.rpm

ppc:
6956fc6e07f46783aa075d78a185dff3  gdb-6.3.0.0-1.63.ppc64.rpm

s390:
036d82e926fe0a8c101a2d62447257f3  gdb-6.3.0.0-1.63.s390.rpm

s390x:
239453b89d6f08e3b5e8c7c1b4f2ac0a  gdb-6.3.0.0-1.63.s390x.rpm

x86_64:
ef221fad920c658c7a1c98f053f738d1  gdb-6.3.0.0-1.63.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/gdb-6.3.0.0-1.63.src.rpm
a5415cbe08fdb27c05eaff709734e6f5  gdb-6.3.0.0-1.63.src.rpm

i386:
345dd8705bf465cd80e161e7cc96ac72  gdb-6.3.0.0-1.63.i386.rpm

x86_64:
ef221fad920c658c7a1c98f053f738d1  gdb-6.3.0.0-1.63.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/gdb-6.3.0.0-1.63.src.rpm
a5415cbe08fdb27c05eaff709734e6f5  gdb-6.3.0.0-1.63.src.rpm

i386:
345dd8705bf465cd80e161e7cc96ac72  gdb-6.3.0.0-1.63.i386.rpm

ia64:
345dd8705bf465cd80e161e7cc96ac72  gdb-6.3.0.0-1.63.i386.rpm
eeee08a208c4b8cb238657d1f13d319b  gdb-6.3.0.0-1.63.ia64.rpm

x86_64:
ef221fad920c658c7a1c98f053f738d1  gdb-6.3.0.0-1.63.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/gdb-6.3.0.0-1.63.src.rpm
a5415cbe08fdb27c05eaff709734e6f5  gdb-6.3.0.0-1.63.src.rpm

i386:
345dd8705bf465cd80e161e7cc96ac72  gdb-6.3.0.0-1.63.i386.rpm

ia64:
345dd8705bf465cd80e161e7cc96ac72  gdb-6.3.0.0-1.63.i386.rpm
eeee08a208c4b8cb238657d1f13d319b  gdb-6.3.0.0-1.63.ia64.rpm

x86_64:
ef221fad920c658c7a1c98f053f738d1  gdb-6.3.0.0-1.63.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1705

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.