Thursday, June 20, 2024

[USN-6842-1] gdb vulnerabilities

-----BEGIN PGP PUBLIC KEY BLOCK-----

xsDNBGYvHjQBDADOi4xF8D69+cDdNMpjhdrWL3Hs7cRLXj2+aOPuMJXBw+dKUeOJ
eLHWnU+yhzQAJTVMSO/cYSzbJSkSF45dSnAIwYU9A501PWv786NEBNNe76y7B8Nm
PTQlRHdet678wzNNvIPCF/Ovll1dmRwh6OBvuSGrjhAITv3F6fDYyP2GE9lfDYyr
aMvG6HxkUZF5mAOB8N0AkVQaiIVLNOXHeKcpznw0G0uW3LtMMQWlm/VPLnaAwehK
0xHW6iK9ou5t5pWYJHoLRWbLTqUHDa9wvDaW+UGMsReVymXRJApHmS/li16TOaJN
w5xyz2NZ30f8FEstdTPo3OmZGcOSqztaqJAKn2tePDTnGXr/yj6wognQGZzXMcRi
uyyN+8j98u1pGwIVnxBQuq+lvpnC6acLvGjrp7F8g5zj6yeYGPJoR1Zp4eP7vbim
KhwK5tQxyoN0b5jP+PdGRQ3AwCBIGVSMRx58JTrPTdmfbVTswlVx+Zc4SeMY9PkO
t8PYsDZR+op2mK0AEQEAAc0nQnJ1Y2UgQ2FibGUgPGJydWNlLmNhYmxlQGNhbm9u
aWNhbC5jb20+wsEOBBMBCgA4AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAFiEE
kd98mdFcnQdP7vQkuGrtzot7pOcFAmYvIIEACgkQuGrtzot7pOetwwv9F4wYw/6x
ZEAp0Vu5F8QlO1rKzEM2eI7Hle/YUEglOdEkKKgtOIrTFlGNIAovVrG/tR8iIdyb
JpEKZoD8e7Vq4wUDNMMTdmrDcetVIHJHCE6ZsFNTXuETss2oKZWPlYAWu9WKK/a3
CukscfORCuR7dVMXOSQ/B9MIt4KabfqOZo6Quh79HHLBNku4FfDlAoiBbG7jEir+
P8QgcJXG8PXjZC4TeVlY4nzGvecr/HVZuuX31GKjqvNRFgohWNYEveDy9zbdkqSf
OgpPHM5E3AAsZUNplo6iIWpxsJ8CyaO9kCNpAQko4rohmYp/VdC/PjaINZKqYT2w
RcZBhsaz8UnZ/frmPTQI8vYOMjhrJx+/t6j1U4hPc1IxeZONoe/vwPlFeR3tpJTC
Ve9uBEGDHZ4peg7wYq6soBaywPZtfhv+vdYfAjJ2W5Ve1xdWXn/Ni3t2Jj0zKOp1
EskzVYobpty3eAoW6BHL1YTin+1BRyt0fB0NoK956UNvQ0EHMm4+n2d2wsEUBBMB
CgA+FiEEkd98mdFcnQdP7vQkuGrtzot7pOcFAmYvHjQCGwMFCQPCZwAFCwkIBwIG
FQoJCAsCBBYCAwECHgECF4AACgkQuGrtzot7pOch/gv6A/IpwNg2u8tHVshl6skL
jdg+ZbN1iXjEWl/yZhPInPni0N3j+uYXO5WcbcnzHCABwl23CEXONDqK56YSFA3w
CriafqM60+8T0rhtE7V1ZDTnlscYWngW135EbPjTMV97UPAzGNJFxQABcNze3Ol3
Gfzqi8PM4dua+rBhuc7frLPGMnr6Uh0dK+48zkR7A3S4FpPodW9Lrx+3p1D4msF+
fCVqiXJAgNZ+4+4DLvw/Z0TqAfq8+p1U5ZPQghmY5t7Eb/ohqmMAHvfwt0ydqTb6
dPQFDftoS5X8k+bq3K2jcjjiXKpnfr2enUtLyC542bXWNcPd0plYYzrU4NI/jLsa
+65eMsJL+jMonB03lvbKcAmJriwsz8ptJPzOeRF+7XYYmgO7qg3FFTcxiomhPKSH
Fm+NAWzxTmHLzNQ93Y+3qSiQ0JGHs3M/68Juzl88qFhOqVUPZkd0q/fQpWWE/DU2
qDIpTJB/EOzrVjlgp9qTGJV1skGtW40nvhhpRhR/njz6zsDNBGYvHjQBDADGlkFl
ersL/tg3bhamgmyYg89KXwxILy7k74KtWQ/dufAf8M11q4y0BpzMu00nTRC0M5NH
nMSqZcvwz+iWvNDc5SiL4OwNg8YKU/3oGmCLBKDpWzXvBhLkGw8L94CLRakU358P
QCtmmPMdYVQ/HBJoxFhnzDPxe9ioPUm/sFaRHswCK/0hJ0q7LUz8w2D6gy+3SDcy
/9MaHTVRarGSVCeShz7qwAg/1dLTFosgxrb4fEKlldlbO97AM+GCpgt1Jew5e88Y
LEWP59/h6kDTQrPddUBO7hVNbly3Pxc8eL9b3iQ1wRJxBNrJ0hlGE4nBw6tVmUjc
vpngQHJ8ZmxQnVs3oVvZESFu6JPoqgNS8VhEAI6EnEOFFm5HL9uDL71fmacAWRrm
9gh1qsMByVvB6pOpeWSQPRicrgAAMcZP+COYl6uqwc2VCKL9NxahrjPjecSUHoEc
78tnVkHrOJiyUa4Xu1AJgeLuwhFnGbgF3SJ4/8/rrYoHScIS9+yKmYzHYDcAEQEA
AcLA/AQYAQoAJhYhBJHffJnRXJ0HT+70JLhq7c6Le6TnBQJmLx40AhsMBQkDwmcA
AAoJELhq7c6Le6Tn/0YL/3u59UilxpTpYCc24LevE7/2RgDHjxG+2TSPs+0G7jN5
wruyvRWOVahZ/N+XW2QLuOUimuYcRtDlAwwd/nsz8OMvVZ++NcFgKJNLUJOqe7Fn
t1oYtTUx9JX7E4j5+SZgG5ORWc4YfLx9hKRxfxZuKOjYrAjPn3f21TppQyhc/mt7
7afVn5tWGGAtV1LTf+qg8JZYLDk6/uz60QFmLga5/r5JDYsrZ9tLrlKymBL2CvJA
B80PAmY7BG0xcJPBU92rU/vj1qEBkQq6tV9dJMmf8u3j3PXVMQTvlm83INjr71lt
bzA/Wy6jHoW1xUWzDb6RKHpfLu87QJ9JMNe/A7eK3xWIwe9aDaQv1pftZ1p3DYau
4xZW0n/FI+30ZxH3W1dTuR2nodEPZIUtD2y8iZyQYie1Ru02rTnw364h/dAB2o7P
MGn/BTYQXiui5WHdgd4e8zAYTC8OSAVw5qjh42UIMltpCX5dli5blaM0lK70x2xe
24qugAHoDe4CIMOsmvXvEw==
=NMey
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----

wsD5BAABCAAjFiEEkd98mdFcnQdP7vQkuGrtzot7pOcFAmZz5U0FAwAAAAAACgkQuGrtzot7pOdI
QQv9Gk302kzq4PWJ/6W542oTpntIkVlfSTK1WrB3T5a+rrt0PjYgwu+n9QbmQaw2Yb7Sc2rd4EpS
IoEeMY+IWleUpRlmZqDRJz13srmKjc5HP86jIpvfYUr9EnNsqV+YS8x+YuJ/Kb39UvK/BDsVX7SR
g/X1OG0ZH0LWQNk2DigCl8TAJrxB4Y8iD8Wh7l54DgeSOna39neoa0bZVFbRlUpTS3JM/Z8YoLnD
GH6a6V76Vp8uIQsx9AmJv92wMC1zOGNbwaKZC0Yo+d3jezVjnjY4ZK/YP0CBQYymio6OvOUw2wxX
+7ZYMmGorvmbpCYhsBZeyvIN4TdWUrerxiey6D7ypTlhUgGlNlU0a57P3ZIA1Pjlr9FAl2nrYsHs
PxB4xcqqTdnBm0OJ+oFoeRZu6TtZD+HW2UYprDa1OPF41Erq8Zw8SqcgWZHHBMU6ZWlMwgbiqV1S
7pe8hLpuFZyNX3QdqEgM50pFRC36wp5KlwKwiQiISawrLa+wY3xDak+aG6qD
=ZRG1
-----END PGP SIGNATURE----- 

==========================================================================  Ubuntu Security Notice USN-6842-1  June 20, 2024    gdb vulnerabilities  ==========================================================================    A security issue affects these releases of Ubuntu and its derivatives:    - Ubuntu 22.04 LTS  - Ubuntu 20.04 LTS  - Ubuntu 18.04 LTS  - Ubuntu 16.04 LTS    Summary:    gdb could be made to crash if it opened a specially crafted file.    Software Description:  - gdb: GNU Debugger    Details:    It was discovered that gdb incorrectly handled certain memory operations  when parsing an ELF file. An attacker could possibly use this issue  to cause a denial of service. This issue is the result of an  incomplete fix for CVE-2020-16599. This issue only affected  Ubuntu 22.04 LTS. (CVE-2022-4285)    It was discovered that gdb incorrectly handled memory leading  to a heap based buffer overflow. An attacker could use this   issue to cause a denial of service, or possibly execute   arbitrary code. This issue only affected Ubuntu 22.04 LTS.   (CVE-2023-1972)    It was discovered that gdb incorrectly handled memory leading  to a stack overflow. An attacker could possibly use this issue  to cause a denial of service. This issue only affected   Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.   (CVE-2023-39128)    It was discovered that gdb had a use after free vulnerability  under certain circumstances. An attacker could use this to cause   a denial of service or possibly execute arbitrary code. This issue   only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS   and Ubuntu 22.04 LTS. (CVE-2023-39129)    It was discovered that gdb incorrectly handled memory leading to a   heap based buffer overflow. An attacker could use this issue to cause  a denial of service, or possibly execute arbitrary code. This issue   only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.  (CVE-2023-39130)    Update instructions:    The problem can be corrected by updating your system to the following  package versions:    Ubuntu 22.04 LTS    gdb                             12.1-0ubuntu1~22.04.2    gdbserver                       12.1-0ubuntu1~22.04.2    Ubuntu 20.04 LTS    gdb                             9.2-0ubuntu1~20.04.2    gdbserver                       9.2-0ubuntu1~20.04.2    Ubuntu 18.04 LTS    gdb                             8.1.1-0ubuntu1+esm1                                    Available with Ubuntu Pro    gdbserver                       8.1.1-0ubuntu1+esm1                                    Available with Ubuntu Pro    Ubuntu 16.04 LTS    gdb                             7.11.1-0ubuntu1~16.5+esm1                                    Available with Ubuntu Pro    gdbserver                       7.11.1-0ubuntu1~16.5+esm1                                    Available with Ubuntu Pro    In general, a standard system update will make all the necessary changes.    References:    https://ubuntu.com/security/notices/USN-6842-1    CVE-2022-4285, CVE-2023-1972, CVE-2023-39128, CVE-2023-39129,    CVE-2023-39130    Package Information:    https://launchpad.net/ubuntu/+source/gdb/12.1-0ubuntu1~22.04.2    https://launchpad.net/ubuntu/+source/gdb/9.2-0ubuntu1~20.04.2

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)