- Issued:
- 2007-06-11
- Updated:
- 2007-06-11
RHSA-2007:0469 - Security Advisory
Synopsis
Low: gdb security and bug fix update
Type/Severity
Security Advisory: Low
Topic
An updated gdb package that fixes a security issue and various bugs is now
available.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
Description
GDB, the GNU debugger, allows debugging of programs written in C, C++, and
other languages by executing them in a controlled fashion and then printing
their data.
Various buffer overflows and underflows were found in the DWARF expression
computation stack in GDB. If an attacker could trick a user into loading
an executable containing malicious debugging information into GDB, they may
be able to execute arbitrary code with the privileges of the user.
(CVE-2006-4146)
This updated package also addresses the following issues:
- Support on 64-bit hosts shared libraries debuginfo larger than 2GB.
- Fix a race occasionally leaving the detached processes stopped.
- Fix segmentation fault on the source display by ^X 1.
- Fix a crash on an opaque type dereference.
All users of gdb should upgrade to this updated package, which contains
backported patches to resolve these issues.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
Affected Products
- Red Hat Enterprise Linux Server 3 x86_64
- Red Hat Enterprise Linux Server 3 ia64
- Red Hat Enterprise Linux Server 3 i386
- Red Hat Enterprise Linux Workstation 3 x86_64
- Red Hat Enterprise Linux Workstation 3 ia64
- Red Hat Enterprise Linux Workstation 3 i386
- Red Hat Enterprise Linux Desktop 3 x86_64
- Red Hat Enterprise Linux Desktop 3 i386
- Red Hat Enterprise Linux for IBM z Systems 3 s390x
- Red Hat Enterprise Linux for IBM z Systems 3 s390
- Red Hat Enterprise Linux for Power, big endian 3 ppc
Fixes
- BZ - 135488 - gdb internal error with incomplete type
- BZ - 189607 - pstack can cause process to suspend
- BZ - 203875 - CVE-2006-4146 GDB buffer overflow
CVEs
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
