| Summary: | gdb new security issues CVE-2022-4285, CVE-2023-1972, CVE-2023-39128, CVE-2023-39129, CVE-2023-39130 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Salguero <nicolas.salguero> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | andrewsfarm, herman.viaene, mageia, marja11, sysadmin-bugs |
| Version: | 9 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | MGA9-64-OK | | |
| Source RPM: | gdb-12.1-7.mga9.src.rpm | CVE: | CVE-2022-4285, CVE-2023-1972, CVE-2023-39128, CVE-2023-39129, CVE-2023-39130 |
| Status comment: | | | |
| Attachments: | testing file for debug | | |

Description
Nicolas Salguero
2024-06-21 09:18:17 CEST
Nicolas Salguero
2024-06-21 09:18:46 CEST
Source RPM:
(none) =>
gdb-12.1-7.mga9.src.rpm

Assigning to our registered gdb maintainer.

Assignee:
bugsquad =>
thierry.vignaud

Suggested advisory:
========================

The updated packages fix security vulnerabilities:

An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. (CVE-2022-4285)

A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability. (CVE-2023-1972)

GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c. (CVE-2023-39128)

GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c. (CVE-2023-39129)

GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c. (CVE-2023-39130)

References:
https://ubuntu.com/security/notices/USN-6842-1
========================

Updated packages in core/updates_testing:
========================
gdb-12.1-7.1.mga9
gdb-doc-12.1-7.1.mga9
gdb-gdbserver-12.1-7.1.mga9
gdb-headless-12.1-7.1.mga9
gdb-minimal-12.1-7.1.mga9
urpmi-debuginfo-install-12.1-7.1.mga9

from SRPM:
gdb-12.1-7.1.mga9.src.rpm

Status:
NEW =>
ASSIGNED
PC LX
2024-06-27 16:43:37 CEST
CC:
(none) =>
mageia
katnatek
2024-06-27 22:17:40 CEST
Keywords:
(none) =>
advisory

MGA9-64 Plasma Wayland on HP-Pavillion
No installation issues.
No wiki, no previous updates, so googling for some simple demo and found this:
https://www.geeksforgeeks.org/gdb-step-by-step-introduction/
I will upload the test.c file defined here.
$ gcc -std=c99 -g -o test test.c

$ gdb ./test
GNU gdb (GDB) 12.1-7.1.mga9 (Mageia release 9)
Copyright (C) 2022 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-mageia-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./test...
(gdb) run
Starting program: /home/tester9/Documents/test
Missing separate debuginfos, use: debuginfo-install glibc-2.36-54.mga9.x86_64
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
-10104
, c[Inferior 1 (process 90912) exited normally]
(gdb) q

So I run
# debuginfo-install glibc-2.36-54.mga9.x86_64
No package named glibc-debuginfo
Something went wrong, make sure your Debug media are configured properly
But there is no such package in our repo. I have to give up on that now.
Back to gdb

$ gdb ./test
GNU gdb (GDB) 12.1-7.1.mga9 (Mageia release 9)
Copyright (C) 2022 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-mageia-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./test...
(gdb) l
1 #include<stdio.h>
2
3 int main()
4 {
5     int x;
6     int a = x;
7     int b = x;
8     int c = a + b;
9     printf("%d\n, c");
10     return 0;
(gdb)
So at least something can be demonstrated.
If someone can help to solve the debug package problem, I would be glad to complete the test.
Or can we OK it as developer's area???

CC:
(none) =>
herman.viaene

Created attachment 14579
testing file for debug

(In reply to Herman Viaene from comment #3)
> MGA9-64 Plasma Wayland on HP-Pavillion
> No installation issues.
> No wiki, no previous updates, so googling for some simple demo and found
> this:
> https://www.geeksforgeeks.org/gdb-step-by-step-introduction/
> I will upload the test.c file defined here.
> $ gcc -std=c99 -g -o test test.c
>
> $ gdb ./test
> GNU gdb (GDB) 12.1-7.1.mga9 (Mageia release 9)
> Copyright (C) 2022 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
> Type "show copying" and "show warranty" for details.
> This GDB was configured as "x86_64-mageia-linux-gnu".
> Type "show configuration" for configuration details.
> For bug reporting instructions, please see:
> <https://www.gnu.org/software/gdb/bugs/>.
> Find the GDB manual and other documentation resources online at:
> <http://www.gnu.org/software/gdb/documentation/>.
>
> For help, type "help".
> Type "apropos word" to search for commands related to "word"...
> Reading symbols from ./test...
> (gdb) run
> Starting program: /home/tester9/Documents/test
> Missing separate debuginfos, use: debuginfo-install glibc-2.36-54.mga9.x86_64
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib64/libthread_db.so.1".
> -10104
> , c[Inferior 1 (process 90912) exited normally]
> (gdb) q
>
> So I run
> # debuginfo-install glibc-2.36-54.mga9.x86_64
> No package named glibc-debuginfo
> Something went wrong, make sure your Debug media are configured properly
> But there is no such package in our repo. I have to give up on that now.
> Back to gdb
>
> $ gdb ./test
> GNU gdb (GDB) 12.1-7.1.mga9 (Mageia release 9)
> Copyright (C) 2022 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
> Type "show copying" and "show warranty" for details.
> This GDB was configured as "x86_64-mageia-linux-gnu".
> Type "show configuration" for configuration details.
> For bug reporting instructions, please see:
> <https://www.gnu.org/software/gdb/bugs/>.
> Find the GDB manual and other documentation resources online at:
> <http://www.gnu.org/software/gdb/documentation/>.
>
> For help, type "help".
> Type "apropos word" to search for commands related to "word"...
> Reading symbols from ./test...
> (gdb) l
> 1 #include<stdio.h>
> 2
> 3 int main()
> 4 {
> 5     int x;
> 6     int a = x;
> 7     int b = x;
> 8     int c = a + b;
> 9     printf("%d\n, c");
> 10     return 0;
> (gdb)
> So at least something can be demonstrated.
> If someone can help to solve the debug package problem, I would be glad to
> complete the test.
> Or can we OK it as developer's area???

It's a usual warning if you do not install the debug packages, but with the test you provide it is not necessary because it does not exist.

(In reply to katnatek from comment #5)
> (In reply to Herman Viaene from comment #3)
> > MGA9-64 Plasma Wayland on HP-Pavillion
> > No installation issues.
> > No wiki, no previous updates, so googling for some simple demo and found
> > this:
> > https://www.geeksforgeeks.org/gdb-step-by-step-introduction/
> > I will upload the test.c file defined here.
> > $ gcc -std=c99 -g -o test test.c
> >
> > $ gdb ./test
> > GNU gdb (GDB) 12.1-7.1.mga9 (Mageia release 9)
> > Copyright (C) 2022 Free Software Foundation, Inc.
> > License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> > This is free software: you are free to change and redistribute it.
> > There is NO WARRANTY, to the extent permitted by law.
> > Type "show copying" and "show warranty" for details.
> > This GDB was configured as "x86_64-mageia-linux-gnu".
> > Type "show configuration" for configuration details.
> > For bug reporting instructions, please see:
> > <https://www.gnu.org/software/gdb/bugs/>.
> > Find the GDB manual and other documentation resources online at:
> > <http://www.gnu.org/software/gdb/documentation/>.
> >
> > For help, type "help".
> > Type "apropos word" to search for commands related to "word"...
> > Reading symbols from ./test...
> > (gdb) run
> > Starting program: /home/tester9/Documents/test
> > Missing separate debuginfos, use: debuginfo-install glibc-2.36-54.mga9.x86_64
> > [Thread debugging using libthread_db enabled]
> > Using host libthread_db library "/lib64/libthread_db.so.1".
> > -10104
> > , c[Inferior 1 (process 90912) exited normally]
> > (gdb) q
> >
> > So I run
> > # debuginfo-install glibc-2.36-54.mga9.x86_64
> > No package named glibc-debuginfo
> > Something went wrong, make sure your Debug media are configured properly
> > But there is no such package in our repo. I have to give up on that now.
> > Back to gdb
> >
> > $ gdb ./test
> > GNU gdb (GDB) 12.1-7.1.mga9 (Mageia release 9)
> > Copyright (C) 2022 Free Software Foundation, Inc.
> > License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> > This is free software: you are free to change and redistribute it.
> > There is NO WARRANTY, to the extent permitted by law.
> > Type "show copying" and "show warranty" for details.
> > This GDB was configured as "x86_64-mageia-linux-gnu".
> > Type "show configuration" for configuration details.
> > For bug reporting instructions, please see:
> > <https://www.gnu.org/software/gdb/bugs/>.
> > Find the GDB manual and other documentation resources online at:
> > <http://www.gnu.org/software/gdb/documentation/>.
> >
> > For help, type "help".
> > Type "apropos word" to search for commands related to "word"...
> > Reading symbols from ./test...
> > (gdb) l
> > 1 #include<stdio.h>
> > 2
> > 3 int main()
> > 4 {
> > 5     int x;
> > 6     int a = x;
> > 7     int b = x;
> > 8     int c = a + b;
> > 9     printf("%d\n, c");
> > 10     return 0;
> > (gdb)
> > So at least something can be demonstrated.
> > If someone can help to solve the debug package problem, I would be glad to
> > complete the test.
> > Or can we OK it as developer's area???
>
> It's a usual warning if you do not install the debug packages, but with the test
> you provide it is not necessary because it does not exist.

Sorry, the debug for glibc exists but is not really necessary for this test

RH mageia 9 x86_64
LC_ALL=C urpmi --auto --auto-update
medium "QA Testing (32-bit)" is up-to-date
medium "QA Testing (64-bit)" is up-to-date
medium "Core Release (distrib1)" is up-to-date
medium "Core Updates (distrib3)" is up-to-date
medium "Nonfree Release (distrib11)" is up-to-date
medium "Nonfree Updates (distrib13)" is up-to-date
medium "Tainted Release (distrib21)" is up-to-date
medium "Tainted Updates (distrib23)" is up-to-date
medium "Core 32bit Release (distrib31)" is up-to-date
medium "Core 32bit Updates (distrib32)" is up-to-date
medium "Nonfree 32bit Release (distrib36)" is up-to-date
medium "Tainted 32bit Release (distrib41)" is up-to-date
medium "Tainted 32bit Updates (distrib42)" is up-to-date
installing gdb-minimal-12.1-7.1.mga9.x86_64.rpm gdb-headless-12.1-7.1.mga9.x86_64.rpm gdb-12.1-7.1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing... ##################################################################################################
1/3: gdb-headless ##################################################################################################
2/3: gdb ##################################################################################################
3/3: gdb-minimal ##################################################################################################
1/3: removing gdb-12.1-7.mga9.x86_64
##################################################################################################
2/3: removing gdb-headless-12.1-7.mga9.x86_64
##################################################################################################
3/3: removing gdb-minimal-12.1-7.mga9.x86_64
##################################################################################################
I can reproduce the bug#33330 comment#0 output running gdb aegisub in Plasma wayland

Whiteboard:
(none) =>
MGA9-64-OK

Validating.

CC:
(none) =>
sysadmin-bugs

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0246.html

Status:
ASSIGNED =>
RESOLVED