Ubuntu has issued an advisory on July 26: https://usn.ubuntu.com/usn/usn-3367-1/ Some of these issues overlap with binutils (Bug 18987) as they come from the same bundled code. Mageia 5 and Mageia 6 are also affected.
Whiteboard: (none) => MGA6TOO, MGA5TOO
Assigning to the registered maintainer.
CC: (none) => marja11
Assignee: bugsquad => thierry.vignaud
Cauldron needed CVE-2016-4491-2.patch. Mageia 6 needed the patches for 2016-4491 and CVE-2016-6131. Mageia 5 needed patches for everything (CVE-2014-8501, CVE-2014-9939, CVE-2016-2226, CVE-2016-4487, CVE-2016-4488, CVE-2016-4489, CVE-2016-4490, CVE-2016-4491, CVE-2016-4492, CVE-2016-4493, CVE-2016-6131). All committed in SVN, builds coming soon.
Advisory (Mageia 5):
========================

Updated gdb packages fix security vulnerabilities:

Hanno Böck discovered that gdb incorrectly handled certain malformed AOUT headers in PE executables. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause gdb to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2014-8501).

It was discovered that gdb incorrectly handled printing bad bytes in Intel Hex objects. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause gdb to crash, resulting in a denial of service (CVE-2014-9939).

It was discovered that gdb incorrectly handled certain string operations. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause gdb to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2016-2226).

It was discovered that gdb incorrectly handled parsing certain binaries. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause gdb to crash, resulting in a denial of service (CVE-2016-4487, CVE-2016-4488, CVE-2016-4489, CVE-2016-4490, CVE-2016-4491, CVE-2016-4492, CVE-2016-4493, CVE-2016-6131).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9939
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6131
https://usn.ubuntu.com/usn/usn-3367-1/
========================

Updated packages in core/updates_testing:
========================
gdb-7.8.1-7.1.mga5

from gdb-7.8.1-7.1.mga5.src.rpm

Advisory (Mageia 6):
========================

Updated gdb packages fix security vulnerabilities:

It was discovered that gdb incorrectly handled parsing certain binaries. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause gdb to crash, resulting in a denial of service (CVE-2016-4491, CVE-2016-6131).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6131
https://usn.ubuntu.com/usn/usn-3367-1/
========================

Updated packages in core/updates_testing:
========================
gdb-7.12-16.1.mga6
gdb-gdbserver-7.12-16.1.mga6
gdb-doc-7.12-16.1.mga6
urpmi-debuginfo-install-1-16.1.mga6

from gdb-7.12-16.1.mga6.src.rpm
Whiteboard: MGA6TOO, MGA5TOO => MGA5TOO
Assignee: thierry.vignaud => qa-bugs
Version: Cauldron => 6
Keywords: (none) => advisory
CC: (none) => davidwhodgins
MGA5-32 on Dell Latitude D600 Xfce
No installation issues
Installs cleanly
Trying to run a debug session for a simple helloworld example but running into debuginfo configuration problems, but at least the command starts properly:

$ gdb a.out
GNU gdb (GDB) 7.8.1-7.1.mga5 (Mageia release 5)
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i586-mageia-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from a.out...done.
(gdb) run
Starting program: /home/tester5/Documenten/cplpluscode/a.out
warning: the debug information found in "/usr/lib/debug//lib/ld-2.20.so.debug" does not match "/lib/ld-linux.so.2" (CRC mismatch).

and more of those.
I will agree if the higher powers decide this is sufficient to OK.
CC: (none) => herman.viaene
Just running "gdb ls" with run and then quit. Validating the update.
Keywords: (none) => validated_update
Whiteboard: MGA5TOO => MGA5TOO MGA5-64-OK MGA6-64-OK
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0034.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0035.html