
Mageia alert MGASA-2024-0246 (gdb)

From:  Mageia Updates <buildsystem-daemon@mageia.org>
To:  updates-announce@ml.mageia.org
Subject:  [updates-announce] MGASA-2024-0246: Updated gdb packages fix security vulnerabilities
Date:  Mon, 01 Jul 2024 19:54:10 +0200
Message-ID:  <20240701175410.3D916A0D3C@duvel.mageia.org>

MGASA-2024-0246 - Updated gdb packages fix security vulnerabilities

Publication date: 01 Jul 2024
URL: https://advisories.mageia.org/MGASA-2024-0246.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2022-4285, CVE-2023-1972, CVE-2023-39128, CVE-2023-39129, CVE-2023-39130

Description:

An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. (CVE-2022-4285)

A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability. (CVE-2023-1972)

GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c. (CVE-2023-39128)

GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c. (CVE-2023-39129)

GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c. (CVE-2023-39130)

References:
- https://bugs.mageia.org/show_bug.cgi?id=33319
- https://ubuntu.com/security/notices/USN-6842-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4285
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1972
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3...

SRPMS:
- 9/core/gdb-12.1-7.1.mga9



