Updated gdb packages fix security vulnerabilities
Publication date: 01 Jul 2024Modification date: 01 Jul 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2022-4285 , CVE-2023-1972 , CVE-2023-39128 , CVE-2023-39129 , CVE-2023-39130
Description
An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. (CVE-2022-4285) A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability. (CVE-2023-1972) GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c. (CVE-2023-39128) GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c. (CVE-2023-39129) GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c. (CVE-2023-39130)
References
- https://bugs.mageia.org/show_bug.cgi?id=33319
- https://ubuntu.com/security/notices/USN-6842-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4285
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1972
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39128
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39129
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39130
SRPMS
9/core
- gdb-12.1-7.1.mga9