User: Password:
|
|
Subscribe / Log in / New account

Mandriva alert MDKSA-2005:095 (gdb)

From:  Mandriva Security Team <security@mandriva.com>
To:  security-announce@mandrivalinux.org
Subject:  [Security Announce] MDKSA-2005:095 - Updated gdb packages fix vulnerabilities
Date:  Mon, 30 May 2005 14:38:32 -0600

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Update Advisory _______________________________________________________________________ Package name: gdb Advisory ID: MDKSA-2005:095 Date: May 30th, 2005 Affected versions: 10.0, 10.1, 10.2, Corporate 3.0, Corporate Server 2.1 ______________________________________________________________________ Problem Description: Tavis Ormandy of the Gentoo Linux Security Audit Team discovered two vulnerabilites in the GNU debugger. The first allows an attacker to execute arbitrary code with the privileges of the user running gdb if they can trick the user into loading a specially crafted executable (CAN-2005-1704). He also discovered that gdb loads and executes the file .gdbinit in the current directory even if the file belongs to a different user. If a user can be tricked into running gdb in a directory with a malicious .gdbinit file, a local attacker can exploit this to run arbitrary commands with the privileges of the user running gdb (CAN-2005-1705). The updated packages have been patched to correct these problems. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1704 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1705 ______________________________________________________________________ Updated Packages: Mandrakelinux 10.0: 3a50223904d8735180a6e6d1367adebe 10.0/RPMS/gdb-6.0-2.1.100mdk.i586.rpm a66ca0ba26db821f6cd6b2a962164b89 10.0/SRPMS/gdb-6.0-2.1.100mdk.src.rpm Mandrakelinux 10.0/AMD64: 9beb409470d2b5767c1cee9dabf19aec amd64/10.0/RPMS/gdb-6.0-2.1.100mdk.amd64.rpm a66ca0ba26db821f6cd6b2a962164b89 amd64/10.0/SRPMS/gdb-6.0-2.1.100mdk.src.rpm Mandrakelinux 10.1: f709e9355a954210f9791cdaa136d123 10.1/RPMS/gdb-6.2-2.1.101mdk.i586.rpm 4ccb813e4b0ee7499c45dcfc5aa5c7e8 10.1/SRPMS/gdb-6.2-2.1.101mdk.src.rpm Mandrakelinux 10.1/X86_64: dde6afb0ef27339bd81a9d9ae195151e x86_64/10.1/RPMS/gdb-6.2-2.1.101mdk.x86_64.rpm 4ccb813e4b0ee7499c45dcfc5aa5c7e8 x86_64/10.1/SRPMS/gdb-6.2-2.1.101mdk.src.rpm Mandrakelinux 10.2: 9984dc6334cd1ea0ef1f1e9304ad3722 10.2/RPMS/gdb-6.3-3.1.102mdk.i586.rpm ae742ac4e532252f83f8c7aff810d811 10.2/SRPMS/gdb-6.3-3.1.102mdk.src.rpm Mandrakelinux 10.2/X86_64: 2df9adbbcd385b9c5e2dc514cb3885ad x86_64/10.2/RPMS/gdb-6.3-3.1.102mdk.x86_64.rpm ae742ac4e532252f83f8c7aff810d811 x86_64/10.2/SRPMS/gdb-6.3-3.1.102mdk.src.rpm Corporate Server 2.1: b4f7eaa06d432f1dbd7b714249f518fd corporate/2.1/RPMS/gdb-5.3-24.1.C21mdk.i586.rpm c58ff8886c0762bb8f685f07bb97fef8 corporate/2.1/SRPMS/gdb-5.3-24.1.C21mdk.src.rpm Corporate Server 2.1/X86_64: b641cd3e7e43ccfcb9d9aa5a88651863 x86_64/corporate/2.1/RPMS/gdb-5.3-24.1.C21mdk.x86_64.rpm c58ff8886c0762bb8f685f07bb97fef8 x86_64/corporate/2.1/SRPMS/gdb-5.3-24.1.C21mdk.src.rpm Corporate 3.0: 2cfaab7e4ee44d4b8122165a0540c6ad corporate/3.0/RPMS/gdb-6.0-2.1.C30mdk.i586.rpm 3136e4376e69c88876b56dd152b291d5 corporate/3.0/SRPMS/gdb-6.0-2.1.C30mdk.src.rpm Corporate 3.0/X86_64: 95087b0e2e5d27c4ac30b881bf12ee42 x86_64/corporate/3.0/RPMS/gdb-6.0-2.1.C30mdk.x86_64.rpm 3136e4376e69c88876b56dd152b291d5 x86_64/corporate/3.0/SRPMS/gdb-6.0-2.1.C30mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFCm3nImqjQ0CJFipgRAkn1AJ4w1BUE1UguPJRqU94SZlh8Ed5YmQCg8pqI YggXQInzlc1OQEmEPYQdFVw= =hBCK -----END PGP SIGNATURE----- To unsubscribe, send a email to sympa@mandrivalinux.org with this subject : unsubscribe security-announce _______________________________________________________ Want to buy your Pack or Services from Mandriva? Go to http://www.mandrivastore.com Join the Club : http://www.mandrivaclub.com _______________________________________________________


(Log in to post comments)


Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds