Fedora has issued an advisory on November 7: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/ Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOOStatus comment: (none) => Patches available from Fedora
Fedora has issued an advisory on November 7: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4MYLS3VR4OPL5ECRWOR4ZHMGXUSCJFZY/ CVE-2021-3826 also affects gdb and is fixed upstream in 12.1. CVE-2022-38533 only affects binutils and is fixed upstream in 2.40. It's not clear which binutils version fixes CVE-2021-3826.
CC: (none) => thierry.vignaudSummary: binutils new security issues CVE-2021-3826 and CVE-2022-38533 => gdb, binutils new security issues CVE-2021-3826 and CVE-2022-38533
CVE-2021-3826 got fixed in binutils-2_38~121 CVE-2022-38533 I fixed in binutils-2.39-3.mga9
Version: Cauldron => 8Whiteboard: MGA8TOO => (none)
Fixes building in: binutils-2.36.1-1.5.mga8 gdb-10.1-5.1.mga8
libbinutils-devel-2.36.1-1.5.mga8 binutils-2.36.1-1.5.mga8 gdb-doc-10.1-5.1.mga8 gdb-headless-10.1-5.1.mga8 gdb-gdbserver-10.1-5.1.mga8 gdb-10.1-5.1.mga8 from SRPMS: binutils-2.36.1-1.5.mga8.src.rpm gdb-10.1-5.1.mga8.src.rpm
Assignee: tmb => qa-bugsStatus comment: Patches available from Fedora => (none)CC: (none) => tmb
MGA8-64 MATE on Acer Aspire 5253 No installation issues. Testing as far as binutils is covered ref bug 28305 Comment 12 $ objdump -x /bin/pulseaudio /bin/pulseaudio: file format elf64-x86-64 /bin/pulseaudio architecture: i386:x86-64, flags 0x00000112: EXEC_P, HAS_SYMS, D_PAGED start address 0x0000000000408050 Program Header: PHDR off 0x0000000000000040 vaddr 0x0000000000400040 paddr 0x0000000000400040 align 2**3 filesz 0x0000000000000268 memsz 0x0000000000000268 flags r-- and a load more..... $ objdump -f /bin/gcc /bin/gcc: file format elf64-x86-64 architecture: i386:x86-64, flags 0x00000112: EXEC_P, HAS_SYMS, D_PAGED start address 0x0000000000407220 $ readelf -hl /bin/python ELF Header: Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 Class: ELF64 Data: 2's complement, little endian Version: 1 (current) OS/ABI: UNIX - System V ABI Version: 0 Type: EXEC (Executable file) Machine: Advanced Micro Devices X86-64 Version: 0x1 etc ...... $ strings /bin/lua | grep -i luaL luaL_openlib luaL_where luaL_traceback etc.... Looks all OK, but I won't venture into the gdb stuff, leaving that for others.
CC: (none) => herman.viaene
In reply to comment 5: Thanks Herman. I can run a very elementary test on gdb and hopefully send this on.
CC: (none) => tarazed25
mga8, x64 All packages updated cleanly. Compiled a very basic commandline C++ program then ran it under gdb. Note that all debuginfo repositories have been disabled. $ cat abc.c++ #include <iostream> #include <stdlib.h> #include <string.h> using namespace std; float findSquare(float a) { return a * a; } int main(int n, char** args) { for (int i = 1; i < n; i++) { float a = atof(args[i]); cout << findSquare(a) << endl; } return 0; } $ g++ -o abc abc.c++ $ gdb ./abc GNU gdb (GDB) 10.1-5.1.mga8 (Mageia release 8) ..... Reading symbols from ./abc... (No debugging symbols found in ./abc) (gdb) break findSquare Breakpoint 1 at 0x401176 (gdb) run 7 1.414215 43 \0x2B 17i Starting program: /home/lcl/qa/gdb/abc 7 1.414215 43 \0x2B 17i Missing separate debuginfos, use: debuginfo-install glibc-2.32-28.mga8.x86_64 Breakpoint 1, 0x0000000000401176 in findSquare(float) () Missing separate debuginfos, use: debuginfo-install libgcc1-10.4.0-3.mga8.x86_64 libstdc++6-10.4.0-3.mga8.x86_64 (gdb) n Single stepping until exit from function _Z10findSquaref, which has no line number information. 0x00000000004011d8 in main () (gdb) n Single stepping until exit from function main, which has no line number information. 49 Breakpoint 1, 0x0000000000401176 in findSquare(float) () (gdb) n Single stepping until exit from function _Z10findSquaref, which has no line number information. 0x00000000004011d8 in main () (gdb) n Single stepping until exit from function main, which has no line number information. 2 Breakpoint 1, 0x0000000000401176 in findSquare(float) () (gdb) c Continuing. 1849 Breakpoint 1, 0x0000000000401176 in findSquare(float) () (gdb) c Continuing. 1849 Breakpoint 1, 0x0000000000401176 in findSquare(float) () (gdb) c Continuing. 289 [Inferior 1 (process 3675638) exited normally] (gdb) q $ That all looks fine but it could hardly be simpler. $ gdb abc (gdb) b main Breakpoint 1 at 0x40118a (gdb) b findSquare Breakpoint 2 at 0x401176 (gdb) delete 2 (gdb) run 3.33 5.55 Starting program: /home/lcl/qa/gdb/abc 3.33 5.55 Missing separate debuginfos, use: debuginfo-install glibc-2.32-28.mga8.x86_64 Breakpoint 1, 0x000000000040118a in main () Missing separate debuginfos, use: debuginfo-install libgcc1-10.4.0-3.mga8.x86_64 libstdc++6-10.4.0-3.mga8.x86_64 (gdb) c Continuing. 11.0889 30.8025 [Inferior 1 (process 3782253) exited normally] (gdb) clear main Deleted breakpoint 1 (gdb) run 5.5^02 Starting program: /home/lcl/qa/gdb/abc 5.5^02 30.25 [Inferior 1 (process 3789349) exited normally] (gdb) run Starting program: /home/lcl/qa/gdb/abc 5.5^02 30.25 [Inferior 1 (process 3792884) exited normally] (gdb) b findSquare Breakpoint 3 at 0x401176 (gdb) info breakpoints Num Type Disp Enb Address What 3 breakpoint keep y 0x0000000000401176 <findSquare(float)+4> (gdb) disable 3 (gdb) info breakpoints Num Type Disp Enb Address What 3 breakpoint keep n 0x0000000000401176 <findSquare(float)+4> (gdb) enable 3 (gdb) info breakpoints Num Type Disp Enb Address What 3 breakpoint keep y 0x0000000000401176 <findSquare(float)+4> (gdb) Leaving it there. Don't know anything about gdbserver. Sending this on based on Herman's tests and this one.
Whiteboard: (none) => MGA8-64-OK
Validating.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0425.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED