{ "schema_version": "1.7.0", "id": "MGASA-2024-0246", "published": "2024-07-01T17:53:27Z", "modified": "2024-07-01T17:23:12Z", "summary": "Updated gdb packages fix security vulnerabilities", "details": "An illegal memory access flaw was found in the binutils package. Parsing\nan ELF file containing corrupt symbol version information may result in\na denial of service. This issue is the result of an incomplete fix for\nCVE-2020-16599. (CVE-2022-4285)\nA potential heap based buffer overflow was found in\n_bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of\navailability. (CVE-2023-1972)\nGNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack\noverflow via the function ada_decode at /gdb/ada-lang.c.\n(CVE-2023-39128)\nGNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use\nafter free via the function add_pe_exported_sym() at\n/gdb/coff-pe-read.c. (CVE-2023-39129)\nGNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap\nbuffer overflow via the function pe_as16() at /gdb/coff-pe-read.c.\n(CVE-2023-39130)\n", "upstream": [ "CVE-2022-4285", "CVE-2023-1972", "CVE-2023-39128", "CVE-2023-39129", "CVE-2023-39130" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2024-0246.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=33319" }, { "type": "ADVISORY", "url": "https://ubuntu.com/security/notices/USN-6842-1" } ], "affected": [ { "package": { "ecosystem": "Mageia:9", "name": "gdb", "purl": "pkg:rpm/mageia/gdb?arch=source&distro=mageia-9" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "12.1-7.1.mga9" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }