Ubuntu Security Notice 3367-1 - Hanno Bock discovered that gdb incorrectly handled certain malformed AOUT headers in PE executables. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause gdb to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS. It was discovered that gdb incorrectly handled printing bad bytes in Intel Hex objects. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause gdb to crash, resulting in a denial of service. This issue only applied to Ubuntu 14.04 LTS. Various other issues were also addressed.
f3e471479b529fe664751ec43fd5c8ddedf9d518467f07744a2cb8afeec18465==========================================================================
Ubuntu Security Notice USN-3367-1
July 26, 2017
gdb vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in gdb.
Software Description:
- gdb: GNU Debugger
Details:
Hanno Bock discovered that gdb incorrectly handled certain malformed AOUT
headers in PE executables. If a user or automated system were tricked into
processing a specially crafted binary, a remote attacker could use this
issue to cause gdb to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS.
(CVE-2014-8501)
It was discovered that gdb incorrectly handled printing bad bytes in Intel
Hex objects. If a user or automated system were tricked into processing a
specially crafted binary, a remote attacker could use this issue to cause
gdb to crash, resulting in a denial of service. This issue only applied to
Ubuntu 14.04 LTS. (CVE-2014-9939)
It was discovered that gdb incorrectly handled certain string operations.
If a user or automated system were tricked into processing a specially
crafted binary, a remote attacker could use this issue to cause gdb to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2016-2226)
It was discovered that gdb incorrectly handled parsing certain binaries. If
a user or automated system were tricked into processing a specially crafted
binary, a remote attacker could use this issue to cause gdb to crash,
resulting in a denial of service. This issue only applied to Ubuntu 14.04
LTS and Ubuntu 16.04 LTS. (CVE-2016-4487, CVE-2016-4488, CVE-2016-4489,
CVE-2016-4490, CVE-2016-4492, CVE-2016-4493, CVE-2016-6131)
It was discovered that gdb incorrectly handled parsing certain binaries. If
a user or automated system were tricked into processing a specially crafted
binary, a remote attacker could use this issue to cause gdb to crash,
resulting in a denial of service. (CVE-2016-4491)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.04:
gdb 7.12.50.20170314-0ubuntu1.1
Ubuntu 16.04 LTS:
gdb 7.11.1-0ubuntu1~16.5
Ubuntu 14.04 LTS:
gdb 7.7.1-0ubuntu5~14.04.3
In general, a standard system update will make all the necessary changes.
References:
https://www.ubuntu.com/usn/usn-3367-1
CVE-2014-8501, CVE-2014-9939, CVE-2016-2226, CVE-2016-4487,
CVE-2016-4488, CVE-2016-4489, CVE-2016-4490, CVE-2016-4491,
CVE-2016-4492, CVE-2016-4493, CVE-2016-6131
Package Information:
https://launchpad.net/ubuntu/+source/gdb/7.12.50.20170314-0ubuntu1.1
https://launchpad.net/ubuntu/+source/gdb/7.11.1-0ubuntu1~16.5
https://launchpad.net/ubuntu/+source/gdb/7.7.1-0ubuntu5~14.04.3
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed