Bug 158680
Summary: | CAN-2005-1704 Integer overflow in gdb | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 4 | Reporter: | Josh Bressers <bressers> | ||||
Component: | gdb | Assignee: | Elena Zannoni <ezannoni> | ||||
Status: | CLOSED ERRATA | QA Contact: | Jay Turner <jturner> | ||||
Severity: | low | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | 4.0 | CC: | cagney, jakub, jjohnstn, srevivo | ||||
Target Milestone: | --- | Keywords: | Security | ||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | impact=low,public=20050525,reported=20050504,source=vendorsec | ||||||
Fixed In Version: | RHSA-2005-709 | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2005-10-05 12:41:41 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 156322 | ||||||
Attachments: |
|
Description
Josh Bressers
2005-05-24 20:00:42 UTC
This issue should also affect RHEL2.1 and RHEL3 ping on this issue I have pieced together the correct fix for bfd and have modified the gdb patch discussed on the FSF list to add a query that allows the user to continue and defaults to no if the .gdbinit file is untrusted. I am currently building and testing the patch. Created attachment 115313 [details]
Demo exploit taken from the gentoo BTS
There are already separate bzs for binutils, so this one should be assigned to GDB crowd... Moving to modified as rpm has been built for RHEL-4: gdb-6.3.0.0-0.31.5 Jeff, Additionally, how do these packages fall regarding the quarterly updates? Are they included in the current QU packages, or shall we wait until after U2/U6 to release these? This patch is considered between the last QU update and the upcoming one. It is a security patch that falls outside the normal QU timeframe. It also allows those who do not intend to update to the next gdb QU level to get the patch on its own. An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-709.html |