Updated gdb packages fix security vulnerabilities
Publication date: 01 Jul 2024Modification date: 01 Jul 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2022-4285 , CVE-2023-1972 , CVE-2023-39128 , CVE-2023-39129 , CVE-2023-39130
Description
An illegal memory access flaw was found in the binutils package. Parsing
an ELF file containing corrupt symbol version information may result in
a denial of service. This issue is the result of an incomplete fix for
CVE-2020-16599. (CVE-2022-4285)
A potential heap based buffer overflow was found in
_bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of
availability. (CVE-2023-1972)
GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack
overflow via the function ada_decode at /gdb/ada-lang.c.
(CVE-2023-39128)
GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use
after free via the function add_pe_exported_sym() at
/gdb/coff-pe-read.c. (CVE-2023-39129)
GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap
buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c.
(CVE-2023-39130)
References
- https://bugs.mageia.org/show_bug.cgi?id=33319
- https://ubuntu.com/security/notices/USN-6842-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4285
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1972
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39128
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39129
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39130
SRPMS
9/core
- gdb-12.1-7.1.mga9