Test ID: 1.3.6.1.4.1.25623.1.0.58235
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2007:0229
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in advisory RHSA-2007:0229.

GDB, the GNU debugger, allows debugging of programs written in C, C++, and other languages by executing them in a controlled fashion and then printing their data.

Various buffer overflows and underflows were found in the DWARF expression computation stack in GDB. If a user loaded an executable containing malicious debugging information into GDB, an attacker might be able to execute arbitrary code with the privileges of the user. (CVE-2006-4146)

This updated package also addresses the following issues:

* Fixed bogus 0x0 unwind of the thread's topmost function clone(3).
* Fixed deadlock accessing invalid address for corrupted backtraces.
* Fixed a race which occasionally left the detached processes stopped.
* Fixed 'gcore' command for 32bit debugged processes on 64bit hosts.
* Added support for TLS 'errno' for threaded programs missing its '-debuginfo' package.
* Suggest TLS 'errno' resolving by hand if no threading was found.
* Added a fix to prevent stepping into asynchronously invoked signal handlers.
* Added a fix to avoid false warning on shared objects bfd close on Itanium.
* Fixed segmentation fault on the source display by ^X 1.
* Fixed object names keyboard completion.
* Added a fix to avoid crash of 'info threads' if stale threads exist.
* Fixed a bug where shared libraries occasionally failed to load.
* Fixed handling of exec() called by a threaded debugged program.
* Fixed rebuilding requirements of the gdb package itself on multilib systems.
* Fixed source directory pathname detection for the edit command.

All users of gdb should upgrade to this updated package, which contains backported patches to resolve these issues.

Solution:

Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

    up2date

http://rhn.redhat.com/errata/RHSA-2007-0229.html
http://www.redhat.com/security/updates/classification/#low

Risk factor: High
CVSS Score: 5.1
Cross Reference:

Common Vulnerability Exposure (CVE) ID: CVE-2006-4146
http://lists.apple.com/archives/security-announce/2006/Oct/msg00000.html
BugTraq ID: 19802
http://www.securityfocus.com/bid/19802
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
http://security.gentoo.org/glsa/glsa-200711-23.xml
http://www.osvdb.org/28318
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10463
http://www.redhat.com/support/errata/RHSA-2007-0229.html
http://www.redhat.com/support/errata/RHSA-2007-0469.html
http://securitytracker.com/id?1017138
http://secunia.com/advisories/21713
http://secunia.com/advisories/22205
http://secunia.com/advisories/22662
http://secunia.com/advisories/25098
http://secunia.com/advisories/25632
http://secunia.com/advisories/25894
http://secunia.com/advisories/25934
http://secunia.com/advisories/26909
http://secunia.com/advisories/27706
SGI Security Advisory: 20070602-01-P
ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc
http://www.ubuntu.com/usn/usn-356-1
http://www.vupen.com/english/advisories/2006/3433
http://www.vupen.com/english/advisories/2006/4283
http://www.vupen.com/english/advisories/2007/3229
Copyright: Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com