Security update for gdb SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:2494-1 Final 1 1 2019-11-12T19:13:11Z current 2019-11-12T19:13:11Z 2019-11-12T19:13:11Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for gdb This update for gdb fixes the following issues: Update to gdb 8.3.1: (jsc#ECO-368) Security issues fixed: - CVE-2019-1010180: Fixed a potential buffer overflow when loading ELF sections larger than the file. (bsc#1142772) Upgrade libipt from v2.0 to v2.0.1. - Enable librpm for version > librpm.so.3 [bsc#1145692]: * Allow any librpm.so.x * Add %build test to check for 'zypper install <rpm-packagename>' message - Copy gdbinit from fedora master @ 25caf28. Add gdbinit.without-python, and use it for --without=python. Rebase to 8.3 release (as in fedora 30 @ 1e222a3). * DWARF index cache: GDB can now automatically save indices of DWARF symbols on disk to speed up further loading of the same binaries. * Ada task switching is now supported on aarch64-elf targets when debugging a program using the Ravenscar Profile. * Terminal styling is now available for the CLI and the TUI. * Removed support for old demangling styles arm, edg, gnu, hp and lucid. * Support for new native configuration RISC-V GNU/Linux (riscv*-*-linux*). - Implemented access to more POWER8 registers. [fate#326120, fate#325178] - Handle most of new s390 arch13 instructions. [fate#327369, jsc#ECO-368] This update was imported from the SUSE:SLE-15-SP1:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-2494 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00028.html E-Mail link for openSUSE-SU-2019:2494-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1115034 SUSE Bug 1115034 https://bugzilla.suse.com/1142772 SUSE Bug 1142772 https://bugzilla.suse.com/1145692 SUSE Bug 1145692 https://www.suse.com/security/cve/CVE-2019-1010180/ SUSE CVE CVE-2019-1010180 page openSUSE Leap 15.1 gdb-8.3.1-lp151.4.3.1 gdb-testresults-8.3.1-lp151.4.3.1 gdbserver-8.3.1-lp151.4.3.1 gdb-8.3.1-lp151.4.3.1 as a component of openSUSE Leap 15.1 gdb-testresults-8.3.1-lp151.4.3.1 as a component of openSUSE Leap 15.1 gdbserver-8.3.1-lp151.4.3.1 as a component of openSUSE Leap 15.1 GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet. CVE-2019-1010180 openSUSE Leap 15.1:gdb-8.3.1-lp151.4.3.1 openSUSE Leap 15.1:gdb-testresults-8.3.1-lp151.4.3.1 openSUSE Leap 15.1:gdbserver-8.3.1-lp151.4.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00028.html https://www.suse.com/security/cve/CVE-2019-1010180.html CVE-2019-1010180 https://bugzilla.suse.com/1142772 SUSE Bug 1142772