Security Advisory Low: gdb security and bug fix update

Advisory: RHSA-2007:0469-2
Type: Security Advisory
Severity: Low
Issued on: 2007-06-11
Last updated on: 2007-06-11
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 3)
CVEs (cve.mitre.org): CVE-2006-4146

Details

An updated gdb package that fixes a security issue and various bugs is now
available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

GDB, the GNU debugger, allows debugging of programs written in C, C++, and
other languages by executing them in a controlled fashion and then printing
their data.

Various buffer overflows and underflows were found in the DWARF expression
computation stack in GDB. If an attacker could trick a user into loading
an executable containing malicious debugging information into GDB, they may
be able to execute arbitrary code with the privileges of the user.
(CVE-2006-4146)
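
The class of bug described above comes from evaluating a stack-machine program taken from untrusted debug data without checking the stack bounds. The following is an added example, not GDB's code and not part of this advisory: a small DWARF expression evaluator for a handful of opcodes that checks every push, pop and indexed read. The opcode values are those of the DWARF standard; `dwarf_eval`, `struct eval`, the `EV_*` codes and `STACK_MAX` are hypothetical names chosen for the example.

```c
#include <stddef.h>
#include <stdint.h>

/* Subset of DWARF opcodes; values are those assigned by the DWARF standard. */
enum { DW_OP_const1u = 0x08, DW_OP_dup = 0x12, DW_OP_drop = 0x13,
       DW_OP_pick = 0x15, DW_OP_plus = 0x22, DW_OP_lit0 = 0x30, DW_OP_lit31 = 0x4f };
/* Result codes and stack depth are assumptions of this example. */
enum { EV_OK = 0, EV_OVERFLOW = -1, EV_UNDERFLOW = -2, EV_TRUNCATED = -3, EV_BADOP = -4 };
#define STACK_MAX 64

struct eval { uint64_t stack[STACK_MAX]; size_t depth; };

static int push(struct eval *e, uint64_t v) {
    if (e->depth >= STACK_MAX) return EV_OVERFLOW;  /* never write past the array */
    e->stack[e->depth++] = v;
    return EV_OK;
}
static int pop(struct eval *e, uint64_t *v) {
    if (e->depth == 0) return EV_UNDERFLOW;         /* never read below the array */
    *v = e->stack[--e->depth];
    return EV_OK;
}

/* Evaluate expr[0..len); on EV_OK the final top of stack is stored in *result. */
int dwarf_eval(const uint8_t *expr, size_t len, uint64_t *result) {
    struct eval e = { {0}, 0 };
    uint64_t a = 0, b = 0;
    for (size_t i = 0; i < len; i++) {
        uint8_t op = expr[i];
        int rc = EV_BADOP;                          /* unknown opcodes are rejected */
        if (op >= DW_OP_lit0 && op <= DW_OP_lit31) {
            rc = push(&e, (uint64_t)(op - DW_OP_lit0));
        } else if (op == DW_OP_const1u || op == DW_OP_pick) {
            if (++i >= len) return EV_TRUNCATED;    /* operand byte is missing */
            if (op == DW_OP_const1u) rc = push(&e, expr[i]);
            else if (expr[i] >= e.depth) rc = EV_UNDERFLOW;  /* index is untrusted */
            else rc = push(&e, e.stack[e.depth - 1 - expr[i]]);
        } else if (op == DW_OP_dup) {
            rc = e.depth ? push(&e, e.stack[e.depth - 1]) : EV_UNDERFLOW;
        } else if (op == DW_OP_drop) {
            rc = pop(&e, &a);
        } else if (op == DW_OP_plus) {
            if ((rc = pop(&e, &a)) == EV_OK && (rc = pop(&e, &b)) == EV_OK)
                rc = push(&e, a + b);
        }
        if (rc != EV_OK) return rc;
    }
    return pop(&e, result);
}
```

Every error path returns before the stack array is touched, so a malformed expression ends evaluation with an error code rather than corrupting the debugger's memory.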

This updated package also addresses the following issues:

* Support shared library debuginfo larger than 2GB on 64-bit hosts.

* Fix a race that occasionally left detached processes stopped.

* Fix a segmentation fault in the source display triggered by ^X 1.

* Fix a crash on an opaque type dereference.

All users of gdb should upgrade to this updated package, which contains
backported patches to resolve these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
ftp://updates.redhat.com/rhn/repository/NULL/gdb/6.3.0.0-1.138.el3/SRPMS/gdb-6.3.0.0-1.138.el3.src.rpm
    MD5: 5d20efee6cc926efbe60cb3759fed958
 
IA-32:
ftp://updates.redhat.com/rhn/repository/NULL/gdb/6.3.0.0-1.138.el3/i386/gdb-6.3.0.0-1.138.el3.i386.rpm
    MD5: c8d483d2dd0a03e29186ff119c2ba175
 
x86_64:
ftp://updates.redhat.com/rhn/repository/NULL/gdb/6.3.0.0-1.138.el3/i386/gdb-6.3.0.0-1.138.el3.i386.rpm
    MD5: c8d483d2dd0a03e29186ff119c2ba175
ftp://updates.redhat.com/rhn/repository/NULL/gdb/6.3.0.0-1.138.el3/x86_64/gdb-6.3.0.0-1.138.el3.x86_64.rpm
    MD5: bfd9abd47d6aa910408cc860d81dcb74
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
ftp://updates.redhat.com/rhn/repository/NULL/gdb/6.3.0.0-1.138.el3/SRPMS/gdb-6.3.0.0-1.138.el3.src.rpm
    MD5: 5d20efee6cc926efbe60cb3759fed958
 
IA-32:
ftp://updates.redhat.com/rhn/repository/NULL/gdb/6.3.0.0-1.138.el3/i386/gdb-6.3.0.0-1.138.el3.i386.rpm
    MD5: c8d483d2dd0a03e29186ff119c2ba175
 
IA-64:
ftp://updates.redhat.com/rhn/repository/NULL/gdb/6.3.0.0-1.138.el3/i386/gdb-6.3.0.0-1.138.el3.i386.rpm
    MD5: c8d483d2dd0a03e29186ff119c2ba175
ftp://updates.redhat.com/rhn/repository/NULL/gdb/6.3.0.0-1.138.el3/ia64/gdb-6.3.0.0-1.138.el3.ia64.rpm
    MD5: a570435ed2d6ef5416f5ed16e9fbf86e
 
PPC:
ftp://updates.redhat.com/rhn/repository/NULL/gdb/6.3.0.0-1.138.el3/ppc/gdb-6.3.0.0-1.138.el3.ppc.rpm
    MD5: 4581a63c4e8f72c324eb83cb124dc36a
ftp://updates.redhat.com/rhn/repository/NULL/gdb/6.3.0.0-1.138.el3/ppc64/gdb-6.3.0.0-1.138.el3.ppc64.rpm
    MD5: e125035130a60bb9daaf5454b1110577
 
s390:
ftp://updates.redhat.com/rhn/repository/NULL/gdb/6.3.0.0-1.138.el3/s390/gdb-6.3.0.0-1.138.el3.s390.rpm
    MD5: 37fd6c49eae317b511b7323bf23c73e6
 
s390x:
ftp://updates.redhat.com/rhn/repository/NULL/gdb/6.3.0.0-1.138.el3/s390/gdb-6.3.0.0-1.138.el3.s390.rpm
    MD5: 37fd6c49eae317b511b7323bf23c73e6
ftp://updates.redhat.com/rhn/repository/NULL/gdb/6.3.0.0-1.138.el3/s390x/gdb-6.3.0.0-1.138.el3.s390x.rpm
    MD5: 0a8d164aeaaed8071f395812b1f6a4a2
 
x86_64:
ftp://updates.redhat.com/rhn/repository/NULL/gdb/6.3.0.0-1.138.el3/i386/gdb-6.3.0.0-1.138.el3.i386.rpm
    MD5: c8d483d2dd0a03e29186ff119c2ba175
ftp://updates.redhat.com/rhn/repository/NULL/gdb/6.3.0.0-1.138.el3/x86_64/gdb-6.3.0.0-1.138.el3.x86_64.rpm
    MD5: bfd9abd47d6aa910408cc860d81dcb74
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
ftp://updates.redhat.com/rhn/repository/NULL/gdb/6.3.0.0-1.138.el3/SRPMS/gdb-6.3.0.0-1.138.el3.src.rpm
    MD5: 5d20efee6cc926efbe60cb3759fed958
 
IA-32:
ftp://updates.redhat.com/rhn/repository/NULL/gdb/6.3.0.0-1.138.el3/i386/gdb-6.3.0.0-1.138.el3.i386.rpm
    MD5: c8d483d2dd0a03e29186ff119c2ba175
 
IA-64:
ftp://updates.redhat.com/rhn/repository/NULL/gdb/6.3.0.0-1.138.el3/i386/gdb-6.3.0.0-1.138.el3.i386.rpm
    MD5: c8d483d2dd0a03e29186ff119c2ba175
ftp://updates.redhat.com/rhn/repository/NULL/gdb/6.3.0.0-1.138.el3/ia64/gdb-6.3.0.0-1.138.el3.ia64.rpm
    MD5: a570435ed2d6ef5416f5ed16e9fbf86e
 
x86_64:
ftp://updates.redhat.com/rhn/repository/NULL/gdb/6.3.0.0-1.138.el3/i386/gdb-6.3.0.0-1.138.el3.i386.rpm
    MD5: c8d483d2dd0a03e29186ff119c2ba175
ftp://updates.redhat.com/rhn/repository/NULL/gdb/6.3.0.0-1.138.el3/x86_64/gdb-6.3.0.0-1.138.el3.x86_64.rpm
    MD5: bfd9abd47d6aa910408cc860d81dcb74
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
ftp://updates.redhat.com/rhn/repository/NULL/gdb/6.3.0.0-1.138.el3/SRPMS/gdb-6.3.0.0-1.138.el3.src.rpm
    MD5: 5d20efee6cc926efbe60cb3759fed958
 
IA-32:
ftp://updates.redhat.com/rhn/repository/NULL/gdb/6.3.0.0-1.138.el3/i386/gdb-6.3.0.0-1.138.el3.i386.rpm
    MD5: c8d483d2dd0a03e29186ff119c2ba175
 
IA-64:
ftp://updates.redhat.com/rhn/repository/NULL/gdb/6.3.0.0-1.138.el3/i386/gdb-6.3.0.0-1.138.el3.i386.rpm
    MD5: c8d483d2dd0a03e29186ff119c2ba175
ftp://updates.redhat.com/rhn/repository/NULL/gdb/6.3.0.0-1.138.el3/ia64/gdb-6.3.0.0-1.138.el3.ia64.rpm
    MD5: a570435ed2d6ef5416f5ed16e9fbf86e
 
x86_64:
ftp://updates.redhat.com/rhn/repository/NULL/gdb/6.3.0.0-1.138.el3/i386/gdb-6.3.0.0-1.138.el3.i386.rpm
    MD5: c8d483d2dd0a03e29186ff119c2ba175
ftp://updates.redhat.com/rhn/repository/NULL/gdb/6.3.0.0-1.138.el3/x86_64/gdb-6.3.0.0-1.138.el3.x86_64.rpm
    MD5: bfd9abd47d6aa910408cc860d81dcb74
 

Bugs fixed (see bugzilla for more information)

135488 - gdb internal error with incomplete type
189607 - pstack can cause process to suspend
203875 - CVE-2006-4146 GDB buffer overflow


Keywords

buffer, dwarf, overflow, stack


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/