Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Products & Services

    Products

    Support

    • Production Support
    • Development Support
    • Product Life Cycles

    Services

    • Consulting
    • Technical Account Management
    • Training & Certifications

    Documentation

    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    All Documentation

    Ecosystem Catalog

    • Red Hat Partner Ecosystem
    • Partner Resources
  • Tools

    Tools

    • Troubleshoot a product issue
    • Packages
    • Errata

    Customer Portal Labs

    • Configuration
    • Deployment
    • Security
    • Troubleshoot
    All labs

    Red Hat Insights

    Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

    Learn More
    Go to Insights
  • Security

    Red Hat Product Security Center

    Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

    Product Security Center

    Security Updates

    • Security Advisories
    • Red Hat CVE Database
    • Security Labs

    Keep your systems secure with Red Hat's specialized responses to security vulnerabilities.

    View Responses

    Resources

    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community

    Customer Portal Community

    • Discussions
    • Private Groups
    Community Activity

    Customer Events

    • Red Hat Convergence
    • Red Hat Summit

    Stories

    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
Or troubleshoot an issue.

Select Your Language

  • English
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Integration
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
  • Red Hat JBoss Data Virtualization
  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager
All Products
Red Hat Product Errata RHSA-2013:0522 - Security Advisory
Issued:
2013-02-21
Updated:
2013-02-21

RHSA-2013:0522 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: gdb security and bug fix update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated gdb packages that fix one security issue and three bugs are now
available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Description

The GNU Debugger (GDB) allows debugging of programs written in C, C++,
Java, and other languages by executing them in a controlled fashion and
then printing out their data.

GDB tried to auto-load certain files (such as GDB scripts, Python scripts,
and a thread debugging library) from the current working directory when
debugging programs. This could result in the execution of arbitrary code
with the user's privileges when GDB was run in a directory that has
untrusted content. (CVE-2011-4355)

With this update, GDB no longer auto-loads files from the current directory
and only trusts certain system directories by default. The list of trusted
directories can be viewed and modified using the "show auto-load safe-path"
and "set auto-load safe-path" GDB commands. Refer to the GDB manual, linked
to in the References, for further information.

This update also fixes the following bugs:

  • When a struct member was at an offset greater than 256 MB, the resulting

bit position within the struct overflowed and caused an invalid memory
access by GDB. With this update, the code has been modified to ensure that
GDB can access such positions. (BZ#795424)

  • When a thread list of the core file became corrupted, GDB did not print

this list but displayed the "Cannot find new threads: generic error" error
message instead. With this update, GDB has been modified and it now prints
the thread list of the core file as expected. (BZ#811648)

  • GDB did not properly handle debugging of multiple binaries with the

same build ID. This update modifies GDB to use symbolic links created for
particular binaries so that debugging of binaries that share a build ID
now proceeds as expected. Debugging of live programs and core files is
now more user-friendly. (BZ#836966)

All users of gdb are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Desktop 6 x86_64
  • Red Hat Enterprise Linux Desktop 6 i386
  • Red Hat Enterprise Linux for IBM z Systems 6 s390x
  • Red Hat Enterprise Linux for Power, big endian 6 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 6 x86_64
  • Red Hat Enterprise Linux Server from RHUI 6 x86_64
  • Red Hat Enterprise Linux Server from RHUI 6 i386
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x

Fixes

  • BZ - 703238 - CVE-2011-4355 gdb: object file .debug_gdb_scripts section improper input validation
  • BZ - 811648 - Cannot find new threads: generic error
  • BZ - 836966 - Backport gdb fix to handle identical binaries via additional build-id symlinks

CVEs

  • CVE-2011-4355

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • http://sourceware.org/gdb/current/onlinedocs/gdb/Auto_002dloading-safe-path.html#Auto_002dloading-safe-path
  • http://sourceware.org/gdb/current/onlinedocs/gdb/Auto_002dloading.html#Auto_002dloading
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 6

SRPM
gdb-7.2-60.el6.src.rpm SHA-256: ad77f760c4849e0a7686a43bfccba0ba9d7292ecfe9be1aa278707fe1a63cf21
x86_64
gdb-7.2-60.el6.x86_64.rpm SHA-256: d847960b415a9095d135dae3207a749b82ee5dd208fde784ec6a09635428d99e
gdb-debuginfo-7.2-60.el6.x86_64.rpm SHA-256: fad0d03a9a40dd30036eeb4c2d90fe9c498c9da559ca19ddfec47c2b48e8d1ea
gdb-gdbserver-7.2-60.el6.x86_64.rpm SHA-256: e0de59dc2f73ef5f6cc318cdee200e5efd2dbe8bdfba81a97dea5dab24d4cc1e
i386
gdb-7.2-60.el6.i686.rpm SHA-256: 87e10fb13df443318bbd1c895a068bfe64cb419e3fa699900275cdbd6f11d972
gdb-debuginfo-7.2-60.el6.i686.rpm SHA-256: 823cb9a9869ed82ed2fa066660c816813834d280dd54e774f5e2365926701516
gdb-gdbserver-7.2-60.el6.i686.rpm SHA-256: bcfbe8763949c1c1b0c57db02ef0ded1a7da8ab65537ced68af95d07de547922

Red Hat Enterprise Linux Server - Extended Life Cycle Support 6

SRPM
gdb-7.2-60.el6.src.rpm SHA-256: ad77f760c4849e0a7686a43bfccba0ba9d7292ecfe9be1aa278707fe1a63cf21
x86_64
gdb-7.2-60.el6.x86_64.rpm SHA-256: d847960b415a9095d135dae3207a749b82ee5dd208fde784ec6a09635428d99e
gdb-debuginfo-7.2-60.el6.x86_64.rpm SHA-256: fad0d03a9a40dd30036eeb4c2d90fe9c498c9da559ca19ddfec47c2b48e8d1ea
gdb-gdbserver-7.2-60.el6.x86_64.rpm SHA-256: e0de59dc2f73ef5f6cc318cdee200e5efd2dbe8bdfba81a97dea5dab24d4cc1e
i386
gdb-7.2-60.el6.i686.rpm SHA-256: 87e10fb13df443318bbd1c895a068bfe64cb419e3fa699900275cdbd6f11d972
gdb-debuginfo-7.2-60.el6.i686.rpm SHA-256: 823cb9a9869ed82ed2fa066660c816813834d280dd54e774f5e2365926701516
gdb-gdbserver-7.2-60.el6.i686.rpm SHA-256: bcfbe8763949c1c1b0c57db02ef0ded1a7da8ab65537ced68af95d07de547922

Red Hat Enterprise Linux Workstation 6

SRPM
gdb-7.2-60.el6.src.rpm SHA-256: ad77f760c4849e0a7686a43bfccba0ba9d7292ecfe9be1aa278707fe1a63cf21
x86_64
gdb-7.2-60.el6.x86_64.rpm SHA-256: d847960b415a9095d135dae3207a749b82ee5dd208fde784ec6a09635428d99e
gdb-debuginfo-7.2-60.el6.x86_64.rpm SHA-256: fad0d03a9a40dd30036eeb4c2d90fe9c498c9da559ca19ddfec47c2b48e8d1ea
gdb-gdbserver-7.2-60.el6.x86_64.rpm SHA-256: e0de59dc2f73ef5f6cc318cdee200e5efd2dbe8bdfba81a97dea5dab24d4cc1e
i386
gdb-7.2-60.el6.i686.rpm SHA-256: 87e10fb13df443318bbd1c895a068bfe64cb419e3fa699900275cdbd6f11d972
gdb-debuginfo-7.2-60.el6.i686.rpm SHA-256: 823cb9a9869ed82ed2fa066660c816813834d280dd54e774f5e2365926701516
gdb-gdbserver-7.2-60.el6.i686.rpm SHA-256: bcfbe8763949c1c1b0c57db02ef0ded1a7da8ab65537ced68af95d07de547922

Red Hat Enterprise Linux Desktop 6

SRPM
gdb-7.2-60.el6.src.rpm SHA-256: ad77f760c4849e0a7686a43bfccba0ba9d7292ecfe9be1aa278707fe1a63cf21
x86_64
gdb-7.2-60.el6.x86_64.rpm SHA-256: d847960b415a9095d135dae3207a749b82ee5dd208fde784ec6a09635428d99e
gdb-debuginfo-7.2-60.el6.x86_64.rpm SHA-256: fad0d03a9a40dd30036eeb4c2d90fe9c498c9da559ca19ddfec47c2b48e8d1ea
gdb-gdbserver-7.2-60.el6.x86_64.rpm SHA-256: e0de59dc2f73ef5f6cc318cdee200e5efd2dbe8bdfba81a97dea5dab24d4cc1e
i386
gdb-7.2-60.el6.i686.rpm SHA-256: 87e10fb13df443318bbd1c895a068bfe64cb419e3fa699900275cdbd6f11d972
gdb-debuginfo-7.2-60.el6.i686.rpm SHA-256: 823cb9a9869ed82ed2fa066660c816813834d280dd54e774f5e2365926701516
gdb-gdbserver-7.2-60.el6.i686.rpm SHA-256: bcfbe8763949c1c1b0c57db02ef0ded1a7da8ab65537ced68af95d07de547922

Red Hat Enterprise Linux for IBM z Systems 6

SRPM
gdb-7.2-60.el6.src.rpm SHA-256: ad77f760c4849e0a7686a43bfccba0ba9d7292ecfe9be1aa278707fe1a63cf21
s390x
gdb-7.2-60.el6.s390x.rpm SHA-256: b014f89207f867547b414eab6fa8bb26185e1583a2f2506f584cbcd861143a6d
gdb-debuginfo-7.2-60.el6.s390x.rpm SHA-256: 8d8ba13df2a25433328723031031c84b4e344250105ee0a23bd69eaa9c0e69b6
gdb-gdbserver-7.2-60.el6.s390x.rpm SHA-256: f9e872ace2a8aad959fe6d38d2981c22c2ab335add793e5cd41ebecc820593af

Red Hat Enterprise Linux for Power, big endian 6

SRPM
gdb-7.2-60.el6.src.rpm SHA-256: ad77f760c4849e0a7686a43bfccba0ba9d7292ecfe9be1aa278707fe1a63cf21
ppc64
gdb-7.2-60.el6.ppc64.rpm SHA-256: c4cf23f05605734ff6bf0489e0ca243056cdc0fd9b3627c594e2e51a42d33b02
gdb-debuginfo-7.2-60.el6.ppc64.rpm SHA-256: ee18848b4ab027712f0471fcdb36220d6e4d574789e0c9a84fe801462e63ed3c
gdb-gdbserver-7.2-60.el6.ppc64.rpm SHA-256: c387451d9c11e30842eb5075b8d7e8ef1ad0126b33a9cb180afb3636d148296d

Red Hat Enterprise Linux for Scientific Computing 6

SRPM
gdb-7.2-60.el6.src.rpm SHA-256: ad77f760c4849e0a7686a43bfccba0ba9d7292ecfe9be1aa278707fe1a63cf21
x86_64
gdb-7.2-60.el6.x86_64.rpm SHA-256: d847960b415a9095d135dae3207a749b82ee5dd208fde784ec6a09635428d99e
gdb-debuginfo-7.2-60.el6.x86_64.rpm SHA-256: fad0d03a9a40dd30036eeb4c2d90fe9c498c9da559ca19ddfec47c2b48e8d1ea
gdb-gdbserver-7.2-60.el6.x86_64.rpm SHA-256: e0de59dc2f73ef5f6cc318cdee200e5efd2dbe8bdfba81a97dea5dab24d4cc1e

Red Hat Enterprise Linux Server from RHUI 6

SRPM
gdb-7.2-60.el6.src.rpm SHA-256: ad77f760c4849e0a7686a43bfccba0ba9d7292ecfe9be1aa278707fe1a63cf21
x86_64
gdb-7.2-60.el6.x86_64.rpm SHA-256: d847960b415a9095d135dae3207a749b82ee5dd208fde784ec6a09635428d99e
gdb-debuginfo-7.2-60.el6.x86_64.rpm SHA-256: fad0d03a9a40dd30036eeb4c2d90fe9c498c9da559ca19ddfec47c2b48e8d1ea
gdb-gdbserver-7.2-60.el6.x86_64.rpm SHA-256: e0de59dc2f73ef5f6cc318cdee200e5efd2dbe8bdfba81a97dea5dab24d4cc1e
i386
gdb-7.2-60.el6.i686.rpm SHA-256: 87e10fb13df443318bbd1c895a068bfe64cb419e3fa699900275cdbd6f11d972
gdb-debuginfo-7.2-60.el6.i686.rpm SHA-256: 823cb9a9869ed82ed2fa066660c816813834d280dd54e774f5e2365926701516
gdb-gdbserver-7.2-60.el6.i686.rpm SHA-256: bcfbe8763949c1c1b0c57db02ef0ded1a7da8ab65537ced68af95d07de547922

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6

SRPM
gdb-7.2-60.el6.src.rpm SHA-256: ad77f760c4849e0a7686a43bfccba0ba9d7292ecfe9be1aa278707fe1a63cf21
s390x
gdb-7.2-60.el6.s390x.rpm SHA-256: b014f89207f867547b414eab6fa8bb26185e1583a2f2506f584cbcd861143a6d
gdb-debuginfo-7.2-60.el6.s390x.rpm SHA-256: 8d8ba13df2a25433328723031031c84b4e344250105ee0a23bd69eaa9c0e69b6
gdb-gdbserver-7.2-60.el6.s390x.rpm SHA-256: f9e872ace2a8aad959fe6d38d2981c22c2ab335add793e5cd41ebecc820593af

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

About

  • Red Hat Subscription Value
  • About Red Hat
  • Red Hat Jobs
Copyright © 2022 Red Hat, Inc.
  • Privacy Statement
  • Customer Portal Terms of Use
  • All Policies and Guidelines
Red Hat Summit
Twitter