| Summary: | gdb, binutils new security issues CVE-2021-3826 and CVE-2022-38533 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, davidwhodgins, herman.viaene, sysadmin-bugs, tarazed25, thierry.vignaud, tmb |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8-64-OK | ||
| Source RPM: | binutils-2.39-2.mga9.src.rpm | CVE: | |
| Status comment: | |||

Description
David Walser
2022-11-08 14:19:34 CET

David Walser
2022-11-08 14:19:57 CET
Whiteboard: (none) => MGA8TOO

Fedora has issued an advisory on November 7:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4MYLS3VR4OPL5ECRWOR4ZHMGXUSCJFZY/

CVE-2021-3826 also affects gdb and is fixed upstream in 12.1.
CVE-2022-38533 only affects binutils and is fixed upstream in 2.40.
It's not clear which binutils version fixes CVE-2021-3826.

CC: (none) => thierry.vignaud

CVE-2021-3826 got fixed in binutils-2_38~121
CVE-2022-38533 I fixed in binutils-2.39-3.mga9

Version: Cauldron => 8

Fixes building in:
binutils-2.36.1-1.5.mga8
gdb-10.1-5.1.mga8

libbinutils-devel-2.36.1-1.5.mga8
binutils-2.36.1-1.5.mga8
gdb-doc-10.1-5.1.mga8
gdb-headless-10.1-5.1.mga8
gdb-gdbserver-10.1-5.1.mga8
gdb-10.1-5.1.mga8
from SRPMS:
binutils-2.36.1-1.5.mga8.src.rpm
gdb-10.1-5.1.mga8.src.rpm

Assignee: tmb => qa-bugs

MGA8-64 MATE on Acer Aspire 5253
No installation issues.
Testing as far as binutils is covered ref bug 28305 Comment 12
$ objdump -x /bin/pulseaudio
/bin/pulseaudio: file format elf64-x86-64
/bin/pulseaudio
architecture: i386:x86-64, flags 0x00000112:
EXEC_P, HAS_SYMS, D_PAGED
start address 0x0000000000408050
Program Header:
PHDR off 0x0000000000000040 vaddr 0x0000000000400040 paddr 0x0000000000400040 align 2**3
filesz 0x0000000000000268 memsz 0x0000000000000268 flags r--
and a load more.....
$ objdump -f /bin/gcc
/bin/gcc: file format elf64-x86-64
architecture: i386:x86-64, flags 0x00000112:
EXEC_P, HAS_SYMS, D_PAGED
start address 0x0000000000407220
$ readelf -hl /bin/python
ELF Header:
Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
Class: ELF64
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: EXEC (Executable file)
Machine: Advanced Micro Devices X86-64
Version: 0x1
etc ......
$ strings /bin/lua | grep -i luaL
luaL_openlib
luaL_where
luaL_traceback
etc....
Looks all OK, but I won't venture into the gdb stuff, leaving that for others.

CC: (none) => herman.viaene

In reply to comment 5:
Thanks Herman. I can run a very elementary test on gdb and hopefully send this on.

CC: (none) => tarazed25

mga8, x64
All packages updated cleanly.
Compiled a very basic commandline C++ program then ran it under gdb. Note that all debuginfo repositories have been disabled.
$ cat abc.c++
#include <iostream>
#include <stdlib.h>
#include <string.h>
using namespace std;
float findSquare(float a)
{
    return a * a;
}
int main(int n, char** args)
{
    for (int i = 1; i < n; i++)
    {
        float a = atof(args[i]);
        cout << findSquare(a) << endl;
    }
    return 0;
}
$ g++ -o abc abc.c++
$ gdb ./abc
GNU gdb (GDB) 10.1-5.1.mga8 (Mageia release 8)
.....
Reading symbols from ./abc...
(No debugging symbols found in ./abc)
(gdb) break findSquare
Breakpoint 1 at 0x401176
(gdb) run 7 1.414215 43 \0x2B 17i
Starting program: /home/lcl/qa/gdb/abc 7 1.414215 43 \0x2B 17i
Missing separate debuginfos, use: debuginfo-install glibc-2.32-28.mga8.x86_64
Breakpoint 1, 0x0000000000401176 in findSquare(float) ()
Missing separate debuginfos, use: debuginfo-install libgcc1-10.4.0-3.mga8.x86_64 libstdc++6-10.4.0-3.mga8.x86_64
(gdb) n
Single stepping until exit from function _Z10findSquaref,
which has no line number information.
0x00000000004011d8 in main ()
(gdb) n
Single stepping until exit from function main,
which has no line number information.
49
Breakpoint 1, 0x0000000000401176 in findSquare(float) ()
(gdb) n
Single stepping until exit from function _Z10findSquaref,
which has no line number information.
0x00000000004011d8 in main ()
(gdb) n
Single stepping until exit from function main,
which has no line number information.
2
Breakpoint 1, 0x0000000000401176 in findSquare(float) ()
(gdb) c
Continuing.
1849
Breakpoint 1, 0x0000000000401176 in findSquare(float) ()
(gdb) c
Continuing.
1849
Breakpoint 1, 0x0000000000401176 in findSquare(float) ()
(gdb) c
Continuing.
289
[Inferior 1 (process 3675638) exited normally]
(gdb) q
$
That all looks fine but it could hardly be simpler.
$ gdb abc
(gdb) b main
Breakpoint 1 at 0x40118a
(gdb) b findSquare
Breakpoint 2 at 0x401176
(gdb) delete 2
(gdb) run 3.33 5.55
Starting program: /home/lcl/qa/gdb/abc 3.33 5.55
Missing separate debuginfos, use: debuginfo-install glibc-2.32-28.mga8.x86_64
Breakpoint 1, 0x000000000040118a in main ()
Missing separate debuginfos, use: debuginfo-install libgcc1-10.4.0-3.mga8.x86_64 libstdc++6-10.4.0-3.mga8.x86_64
(gdb) c
Continuing.
11.0889
30.8025
[Inferior 1 (process 3782253) exited normally]
(gdb) clear main
Deleted breakpoint 1
(gdb) run 5.5^02
Starting program: /home/lcl/qa/gdb/abc 5.5^02
30.25
[Inferior 1 (process 3789349) exited normally]
(gdb) run
Starting program: /home/lcl/qa/gdb/abc 5.5^02
30.25
[Inferior 1 (process 3792884) exited normally]
(gdb) b findSquare
Breakpoint 3 at 0x401176
(gdb) info breakpoints
Num Type Disp Enb Address What
3 breakpoint keep y 0x0000000000401176 <findSquare(float)+4>
(gdb) disable 3
(gdb) info breakpoints
Num Type Disp Enb Address What
3 breakpoint keep n 0x0000000000401176 <findSquare(float)+4>
(gdb) enable 3
(gdb) info breakpoints
Num Type Disp Enb Address What
3 breakpoint keep y 0x0000000000401176 <findSquare(float)+4>
(gdb)
Leaving it there. Don't know anything about gdbserver.
Sending this on based on Herman's tests and this one.

Whiteboard: (none) => MGA8-64-OK

Validating.

Keywords: (none) => validated_update

Dave Hodgins
2022-11-13 00:25:20 CET
Keywords: (none) => advisory

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2022-0425.html

Resolution: (none) => FIXED