RHSA-2007:0469 - Security Advisory
Low: gdb security and bug fix update
Security Advisory: Low
An updated gdb package that fixes a security issue and various bugs is now
This update has been rated as having low security impact by the Red Hat
Security Response Team.
GDB, the GNU debugger, allows debugging of programs written in C, C++, and
other languages by executing them in a controlled fashion and then printing
Various buffer overflows and underflows were found in the DWARF expression
computation stack in GDB. If an attacker could trick a user into loading
an executable containing malicious debugging information into GDB, they may
be able to execute arbitrary code with the privileges of the user.
This updated package also addresses the following issues:
- Support on 64-bit hosts shared libraries debuginfo larger than 2GB.
- Fix a race occasionally leaving the detached processes stopped.
- Fix segmentation fault on the source display by ^X 1.
- Fix a crash on an opaque type dereference.
All users of gdb should upgrade to this updated package, which contains
backported patches to resolve these issues.
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
- Red Hat Enterprise Linux Server 3 x86_64
- Red Hat Enterprise Linux Server 3 ia64
- Red Hat Enterprise Linux Server 3 i386
- Red Hat Enterprise Linux Workstation 3 x86_64
- Red Hat Enterprise Linux Workstation 3 ia64
- Red Hat Enterprise Linux Workstation 3 i386
- Red Hat Enterprise Linux Desktop 3 x86_64
- Red Hat Enterprise Linux Desktop 3 i386
- Red Hat Enterprise Linux for IBM z Systems 3 s390x
- Red Hat Enterprise Linux for IBM z Systems 3 s390
- Red Hat Enterprise Linux for Power, big endian 3 ppc
- BZ - 135488 - gdb internal error with incomplete type
- BZ - 189607 - pstack can cause process to suspend
- BZ - 203875 - CVE-2006-4146 GDB buffer overflow
This erratum does not contain any packages.