USN-3367-1: gdb vulnerabilities
26 July 2017
Several security issues were fixed in gdb.
Releases
Packages
- gdb - GNU Debugger
Details
Hanno Böck discovered that gdb incorrectly handled certain malformed AOUT
headers in PE executables. If a user or automated system were tricked into
processing a specially crafted binary, a remote attacker could use this
issue to cause gdb to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS.
(CVE-2014-8501)
It was discovered that gdb incorrectly handled printing bad bytes in Intel
Hex objects. If a user or automated system were tricked into processing a
specially crafted binary, a remote attacker could use this issue to cause
gdb to crash, resulting in a denial of service. This issue only applied to
Ubuntu 14.04 LTS. (CVE-2014-9939)
It was discovered that gdb incorrectly handled certain string operations.
If a user or automated system were tricked into processing a specially
crafted binary, a remote attacker could use this issue to cause gdb to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2016-2226)
It was discovered that gdb incorrectly handled parsing certain binaries. If
a user or automated system were tricked into processing a specially crafted
binary, a remote attacker could use this issue to cause gdb to crash,
resulting in a denial of service. This issue only applied to Ubuntu 14.04
LTS and Ubuntu 16.04 LTS. (CVE-2016-4487, CVE-2016-4488, CVE-2016-4489,
CVE-2016-4490, CVE-2016-4492, CVE-2016-4493, CVE-2016-6131)
It was discovered that gdb incorrectly handled parsing certain binaries. If
a user or automated system were tricked into processing a specially crafted
binary, a remote attacker could use this issue to cause gdb to crash,
resulting in a denial of service. (CVE-2016-4491)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.04
Ubuntu 16.04
Ubuntu 14.04
In general, a standard system update will make all the necessary changes.
Related notices
- USN-2496-1: binutils-multiarch-dev, binutils-multiarch, binutils-static-udeb, binutils-source, binutils-dev, binutils, binutils-doc, binutils-static
- USN-3337-1: valgrind
- USN-3368-1: libiberty, libiberty-dev
- USN-4336-2: binutils-multiarch, binutils-hppa64-linux-gnu, binutils-multiarch-dev, binutils-arm-linux-gnueabihf, binutils, binutils-s390x-linux-gnu, binutils-mipsel-linux-gnu, binutils-sparc64-linux-gnu, binutils-dev, binutils-m68k-linux-gnu, binutils-mips64el-linux-gnuabi64, binutils-powerpc64-linux-gnu, binutils-powerpc-linux-gnuspe, binutils-powerpc64le-linux-gnu, binutils-hppa-linux-gnu, binutils-arm-linux-gnueabi, binutils-aarch64-linux-gnu, binutils-source, binutils-mips-linux-gnu, binutils-powerpc-linux-gnu, binutils-mips64-linux-gnuabi64, binutils-doc, binutils-sh4-linux-gnu, binutils-alpha-linux-gnu