Advisories

Mandriva Advisories

Package name	gdb
Date	May 30th, 2005
Advisory ID	MDKSA-2005:095
Affected versions	10.0, 10.1, CS2.1, CS3.0, 10.2
Synopsis	Updated gdb packages fix vulnerabilities

Problem Description

Tavis Ormandy of the Gentoo Linux Security Audit Team discovered two
vulnerabilites in the GNU debugger. The first allows an attacker to
execute arbitrary code with the privileges of the user running gdb if
they can trick the user into loading a specially crafted executable
(CAN-2005-1704).

He also discovered that gdb loads and executes the file .gdbinit in the
current directory even if the file belongs to a different user. If a
user can be tricked into running gdb in a directory with a malicious
.gdbinit file, a local attacker can exploit this to run arbitrary
commands with the privileges of the user running gdb (CAN-2005-1705).

The updated packages have been patched to correct these problems.

Updated Packages

Mandrakelinux 10.0

 3a50223904d8735180a6e6d1367adebe  10.0/RPMS/gdb-6.0-2.1.100mdk.i586.rpm
a66ca0ba26db821f6cd6b2a962164b89  10.0/SRPMS/gdb-6.0-2.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64

 9beb409470d2b5767c1cee9dabf19aec  amd64/10.0/RPMS/gdb-6.0-2.1.100mdk.amd64.rpm
a66ca0ba26db821f6cd6b2a962164b89  amd64/10.0/SRPMS/gdb-6.0-2.1.100mdk.src.rpm

Mandrakelinux 10.1

 f709e9355a954210f9791cdaa136d123  10.1/RPMS/gdb-6.2-2.1.101mdk.i586.rpm
4ccb813e4b0ee7499c45dcfc5aa5c7e8  10.1/SRPMS/gdb-6.2-2.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64

 dde6afb0ef27339bd81a9d9ae195151e  x86_64/10.1/RPMS/gdb-6.2-2.1.101mdk.x86_64.rpm
4ccb813e4b0ee7499c45dcfc5aa5c7e8  x86_64/10.1/SRPMS/gdb-6.2-2.1.101mdk.src.rpm

Corporate Server 2.1

 b4f7eaa06d432f1dbd7b714249f518fd  corporate/2.1/RPMS/gdb-5.3-24.1.C21mdk.i586.rpm
c58ff8886c0762bb8f685f07bb97fef8  corporate/2.1/SRPMS/gdb-5.3-24.1.C21mdk.src.rpm

Corporate Server 2.1/X86_64

 b641cd3e7e43ccfcb9d9aa5a88651863  x86_64/corporate/2.1/RPMS/gdb-5.3-24.1.C21mdk.x86_64.rpm
c58ff8886c0762bb8f685f07bb97fef8  x86_64/corporate/2.1/SRPMS/gdb-5.3-24.1.C21mdk.src.rpm

Corporate Server 3.0

 2cfaab7e4ee44d4b8122165a0540c6ad  corporate/3.0/RPMS/gdb-6.0-2.1.C30mdk.i586.rpm
3136e4376e69c88876b56dd152b291d5  corporate/3.0/SRPMS/gdb-6.0-2.1.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 95087b0e2e5d27c4ac30b881bf12ee42  x86_64/corporate/3.0/RPMS/gdb-6.0-2.1.C30mdk.x86_64.rpm
3136e4376e69c88876b56dd152b291d5  x86_64/corporate/3.0/SRPMS/gdb-6.0-2.1.C30mdk.src.rpm

Mandriva Linux LE2005

 9984dc6334cd1ea0ef1f1e9304ad3722  10.2/RPMS/gdb-6.3-3.1.102mdk.i586.rpm
ae742ac4e532252f83f8c7aff810d811  10.2/SRPMS/gdb-6.3-3.1.102mdk.src.rpm

Mandriva Linux LE2005/X86_64

 2df9adbbcd385b9c5e2dc514cb3885ad  x86_64/10.2/RPMS/gdb-6.3-3.1.102mdk.x86_64.rpm
ae742ac4e532252f83f8c7aff810d811  x86_64/10.2/SRPMS/gdb-6.3-3.1.102mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1705

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.

URL:

https://mandriva.com/security/advisories

Short link:

https://mandriva.com/content/view/full/1075

Intersites Menu

Mandriva

Tools

Top menu

Advisories

Footer