Ubuntu has issued an advisory on June 20: https://ubuntu.com/security/notices/USN-6842-1
Source RPM: (none) => gdb-12.1-7.mga9.src.rpmStatus comment: (none) => Patches available from UbuntuCVE: (none) => CVE-2022-4285, CVE-2023-1972, CVE-2023-39128, CVE-2023-39129, CVE-2023-39130
Assigning to our registered gdb maintainer.
Assignee: bugsquad => thierry.vignaudCC: (none) => marja11
Suggested advisory: ======================== The updated packages fix security vulnerabilities: An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. (CVE-2022-4285) A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability. (CVE-2023-1972) GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c. (CVE-2023-39128) GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c. (CVE-2023-39129) GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c. (CVE-2023-39130) References: https://ubuntu.com/security/notices/USN-6842-1 ======================== Updated packages in core/updates_testing: ======================== gdb-12.1-7.1.mga9 gdb-doc-12.1-7.1.mga9 gdb-gdbserver-12.1-7.1.mga9 gdb-headless-12.1-7.1.mga9 gdb-minimal-12.1-7.1.mga9 urpmi-debuginfo-install-12.1-7.1.mga9 from SRPM: gdb-12.1-7.1.mga9.src.rpm
Assignee: thierry.vignaud => qa-bugsStatus: NEW => ASSIGNEDStatus comment: Patches available from Ubuntu => (none)
CC: (none) => mageia
Keywords: (none) => advisory
MGA9-64 Plasma Wayland on HP-Pavillion No installation issues. No wiki, no previous updates, soo googling for some simple demo and found this: https://www.geeksforgeeks.org/gdb-step-by-step-introduction/ I will upload the test.c file defined here. $ gcc -std=c99 -g -o test test.c $ gdb ./test GNU gdb (GDB) 12.1-7.1.mga9 (Mageia release 9) Copyright (C) 2022 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-mageia-linux-gnu". Type "show configuration" for configuration details. For bug reporting instructions, please see: <https://www.gnu.org/software/gdb/bugs/>. Find the GDB manual and other documentation resources online at: <http://www.gnu.org/software/gdb/documentation/>. For help, type "help". Type "apropos word" to search for commands related to "word"... Reading symbols from ./test... (gdb) run Starting program: /home/tester9/Documents/test Missing separate debuginfos, use: debuginfo-install glibc-2.36-54.mga9.x86_64 [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib64/libthread_db.so.1". -10104 , c[Inferior 1 (process 90912) exited normally] (gdb) q So I run # debuginfo-install glibc-2.36-54.mga9.x86_64 No package named glibc-debuginfo Something went wrong, make sure your Debug media are configured properly But there is no such package in our repo. I have to give up on that now. Back to gdb $ gdb ./test GNU gdb (GDB) 12.1-7.1.mga9 (Mageia release 9) Copyright (C) 2022 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-mageia-linux-gnu". Type "show configuration" for configuration details. For bug reporting instructions, please see: <https://www.gnu.org/software/gdb/bugs/>. Find the GDB manual and other documentation resources online at: <http://www.gnu.org/software/gdb/documentation/>. For help, type "help". Type "apropos word" to search for commands related to "word"... Reading symbols from ./test... (gdb) l 1 #include<stdio.h> 2 3 int main() 4 { 5 int x; 6 int a = x; 7 int b = x; 8 int c = a + b; 9 printf("%d\n, c"); 10 return 0; (gdb) So at least something can be demonstrated. If someone can help to solve the debug package problem, I would be glad to complete the test. Or can we OK it as developer's area???
CC: (none) => herman.viaene
Created attachment 14579 [details] testing file for debug
(In reply to Herman Viaene from comment #3) > MGA9-64 Plasma Wayland on HP-Pavillion > No installation issues. > No wiki, no previous updates, soo googling for some simple demo and found > this: > https://www.geeksforgeeks.org/gdb-step-by-step-introduction/ > I will upload the test.c file defined here. > $ gcc -std=c99 -g -o test test.c > > $ gdb ./test > GNU gdb (GDB) 12.1-7.1.mga9 (Mageia release 9) > Copyright (C) 2022 Free Software Foundation, Inc. > License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> > This is free software: you are free to change and redistribute it. > There is NO WARRANTY, to the extent permitted by law. > Type "show copying" and "show warranty" for details. > This GDB was configured as "x86_64-mageia-linux-gnu". > Type "show configuration" for configuration details. > For bug reporting instructions, please see: > <https://www.gnu.org/software/gdb/bugs/>. > Find the GDB manual and other documentation resources online at: > <http://www.gnu.org/software/gdb/documentation/>. > > For help, type "help". > Type "apropos word" to search for commands related to "word"... > Reading symbols from ./test... > (gdb) run > Starting program: /home/tester9/Documents/test > Missing separate debuginfos, use: debuginfo-install glibc-2.36-54.mga9.x86_64 > [Thread debugging using libthread_db enabled] > Using host libthread_db library "/lib64/libthread_db.so.1". > -10104 > , c[Inferior 1 (process 90912) exited normally] > (gdb) q > > So I run > # debuginfo-install glibc-2.36-54.mga9.x86_64 > No package named glibc-debuginfo > Something went wrong, make sure your Debug media are configured properly > But there is no such package in our repo. I have to give up on that now. > Back to gdb > > $ gdb ./test > GNU gdb (GDB) 12.1-7.1.mga9 (Mageia release 9) > Copyright (C) 2022 Free Software Foundation, Inc. > License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> > This is free software: you are free to change and redistribute it. > There is NO WARRANTY, to the extent permitted by law. > Type "show copying" and "show warranty" for details. > This GDB was configured as "x86_64-mageia-linux-gnu". > Type "show configuration" for configuration details. > For bug reporting instructions, please see: > <https://www.gnu.org/software/gdb/bugs/>. > Find the GDB manual and other documentation resources online at: > <http://www.gnu.org/software/gdb/documentation/>. > > For help, type "help". > Type "apropos word" to search for commands related to "word"... > Reading symbols from ./test... > (gdb) l > 1 #include<stdio.h> > 2 > 3 int main() > 4 { > 5 int x; > 6 int a = x; > 7 int b = x; > 8 int c = a + b; > 9 printf("%d\n, c"); > 10 return 0; > (gdb) > So at least something can be demonstrated. > If someone can help to solve the debug package problem, I would be glad to > complete the test. > Or can we OK it as developer's area??? It's a usual warning if you not install the debug packages but with the test you provide is not necessary because not exist.
(In reply to katnatek from comment #5) > (In reply to Herman Viaene from comment #3) > > MGA9-64 Plasma Wayland on HP-Pavillion > > No installation issues. > > No wiki, no previous updates, soo googling for some simple demo and found > > this: > > https://www.geeksforgeeks.org/gdb-step-by-step-introduction/ > > I will upload the test.c file defined here. > > $ gcc -std=c99 -g -o test test.c > > > > $ gdb ./test > > GNU gdb (GDB) 12.1-7.1.mga9 (Mageia release 9) > > Copyright (C) 2022 Free Software Foundation, Inc. > > License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> > > This is free software: you are free to change and redistribute it. > > There is NO WARRANTY, to the extent permitted by law. > > Type "show copying" and "show warranty" for details. > > This GDB was configured as "x86_64-mageia-linux-gnu". > > Type "show configuration" for configuration details. > > For bug reporting instructions, please see: > > <https://www.gnu.org/software/gdb/bugs/>. > > Find the GDB manual and other documentation resources online at: > > <http://www.gnu.org/software/gdb/documentation/>. > > > > For help, type "help". > > Type "apropos word" to search for commands related to "word"... > > Reading symbols from ./test... > > (gdb) run > > Starting program: /home/tester9/Documents/test > > Missing separate debuginfos, use: debuginfo-install glibc-2.36-54.mga9.x86_64 > > [Thread debugging using libthread_db enabled] > > Using host libthread_db library "/lib64/libthread_db.so.1". > > -10104 > > , c[Inferior 1 (process 90912) exited normally] > > (gdb) q > > > > So I run > > # debuginfo-install glibc-2.36-54.mga9.x86_64 > > No package named glibc-debuginfo > > Something went wrong, make sure your Debug media are configured properly > > But there is no such package in our repo. I have to give up on that now. > > Back to gdb > > > > $ gdb ./test > > GNU gdb (GDB) 12.1-7.1.mga9 (Mageia release 9) > > Copyright (C) 2022 Free Software Foundation, Inc. > > License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> > > This is free software: you are free to change and redistribute it. > > There is NO WARRANTY, to the extent permitted by law. > > Type "show copying" and "show warranty" for details. > > This GDB was configured as "x86_64-mageia-linux-gnu". > > Type "show configuration" for configuration details. > > For bug reporting instructions, please see: > > <https://www.gnu.org/software/gdb/bugs/>. > > Find the GDB manual and other documentation resources online at: > > <http://www.gnu.org/software/gdb/documentation/>. > > > > For help, type "help". > > Type "apropos word" to search for commands related to "word"... > > Reading symbols from ./test... > > (gdb) l > > 1 #include<stdio.h> > > 2 > > 3 int main() > > 4 { > > 5 int x; > > 6 int a = x; > > 7 int b = x; > > 8 int c = a + b; > > 9 printf("%d\n, c"); > > 10 return 0; > > (gdb) > > So at least something can be demonstrated. > > If someone can help to solve the debug package problem, I would be glad to > > complete the test. > > Or can we OK it as developer's area??? > > It's a usual warning if you not install the debug packages but with the test > you provide is not necessary because not exist. Sorry the debug for glibc exits but is not really necessary for this test
RH mageia 9 x86_64 LC_ALL=C urpmi --auto --auto-update medium "QA Testing (32-bit)" is up-to-date medium "QA Testing (64-bit)" is up-to-date medium "Core Release (distrib1)" is up-to-date medium "Core Updates (distrib3)" is up-to-date medium "Nonfree Release (distrib11)" is up-to-date medium "Nonfree Updates (distrib13)" is up-to-date medium "Tainted Release (distrib21)" is up-to-date medium "Tainted Updates (distrib23)" is up-to-date medium "Core 32bit Release (distrib31)" is up-to-date medium "Core 32bit Updates (distrib32)" is up-to-date medium "Nonfree 32bit Release (distrib36)" is up-to-date medium "Tainted 32bit Release (distrib41)" is up-to-date medium "Tainted 32bit Updates (distrib42)" is up-to-date installing gdb-minimal-12.1-7.1.mga9.x86_64.rpm gdb-headless-12.1-7.1.mga9.x86_64.rpm gdb-12.1-7.1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64 Preparing... ################################################################################################## 1/3: gdb-headless ################################################################################################## 2/3: gdb ################################################################################################## 3/3: gdb-minimal ################################################################################################## 1/3: removing gdb-12.1-7.mga9.x86_64 ################################################################################################## 2/3: removing gdb-headless-12.1-7.mga9.x86_64 ################################################################################################## 3/3: removing gdb-minimal-12.1-7.mga9.x86_64 ################################################################################################## I can reproduce the bug#33330 comment#0 output running gdb aegisub in Plasma wayland
CC: (none) => andrewsfarmWhiteboard: (none) => MGA9-64-OK
Validating.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs