openSUSE Local Security Checks : openSUSE Security Advisory (SUSE-SU-2024:0898-1)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.1.18.2.2024.0898.1

Category: openSUSE Local Security Checks

Title: openSUSE Security Advisory (SUSE-SU-2024:0898-1)

Summary: The remote host is missing an update for the 'gdb' package(s) announced via the SUSE-SU-2024:0898-1 advisory.

Description: Summary:
The remote host is missing an update for the 'gdb' package(s) announced via the SUSE-SU-2024:0898-1 advisory.

Vulnerability Insight:
This update for gdb fixes the following issues:

- Drop libdebuginfod1 BuildRequires/Recommends. The former isn't
needed because there's a build requirement on libdebuginfod-devel
already, which will pull the shared library. And the latter,
because it's bogus since RPM auto generated dependency will take
care of that requirement.

gdb was released in 13.2:

* This version of GDB includes the following changes and enhancements:

* Support for the following new targets has been added in both GDB and GDBserver:

* GNU/Linux/LoongArch (gdbserver) loongarch*-*-linux*
* GNU/Linux/CSKY (gdbserver) csky*-*linux*

* The Windows native target now supports target async.
* Floating-point support has now been added on LoongArch GNU/Linux.
* New commands:

* set print nibbles [onoff]
* show print nibbles

* This controls whether the 'print/t' command will display binary values in groups of four bits, known as 'nibbles'. The default is 'off'.
Various styling-related commands. See the gdb/NEWS file for more details.
Various maintenance commands. These are normally aimed at GDB experts or developers. See the gdb/NEWS file for more details.

* Python API improvements:

* New Python API for instruction disassembly.

* The new attribute 'locations' of gdb.Breakpoint returns a list of gdb.BreakpointLocation objects specifying the locations where the breakpoint is inserted into the debuggee.
* New Python type gdb.BreakpointLocation.
* New function gdb.format_address(ADDRESS, PROGSPACE, ARCHITECTURE) that formats ADDRESS as 'address '
* New function gdb.current_language that returns the name of the current language. Unlike gdb.parameter('language'), this will never return 'auto'.
* New function gdb.print_options that returns a dictionary of the prevailing print options, in the form accepted by gdb.Value.format_string.
* New method gdb.Frame.language that returns the name of the frame's language.
* gdb.Value.format_string now uses the format provided by 'print', if it is called during a 'print' or other similar operation.
* gdb.Value.format_string now accepts the 'summary' keyword. This can be used to request a shorter representation of a value, the way that 'set print frame-arguments scalars' does.
* The gdb.register_window_type method now restricts the set of acceptable window names. The first character of a window's name must start with a character in the set [a-zA-Z], every subsequent character of a window's name must be in the set [-_.a-zA-Z0-9].
* GDB/MI changes:

* MI version 1 is deprecated, and will be removed in GDB 14.
* The async record stating the stopped reason 'breakpoint-hit' now contains an optional field locno.

* Miscellaneous improvements:

* gdb now supports zstd compressed debug sections (ELFCOMPRESS_ZSTD) for ELF.
* New convenience variable $_inferior_thread_count contains the number of live threads in the current inferior.
* New ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'gdb' package(s) on openSUSE Leap 15.5.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2017-16829
https://security.gentoo.org/glsa/201811-17
Common Vulnerability Exposure (CVE) ID: CVE-2018-7208
BugTraq ID: 103077
http://www.securityfocus.com/bid/103077
RedHat Security Advisories: RHBA-2019:0327
https://access.redhat.com/errata/RHBA-2019:0327
RedHat Security Advisories: RHSA-2018:3032
https://access.redhat.com/errata/RHSA-2018:3032
SuSE Security Announcement: openSUSE-SU-2019:2415 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html
SuSE Security Announcement: openSUSE-SU-2019:2432 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html
Common Vulnerability Exposure (CVE) ID: CVE-2022-48064
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/
https://sourceware.org/bugzilla/show_bug.cgi?id=29922
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8f2c64de86bc3d7556121fe296dd679000283931

Copyright Copyright (C) 2025 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.1.18.2.2024.0898.1
Category:	openSUSE Local Security Checks
Title:	openSUSE Security Advisory (SUSE-SU-2024:0898-1)
Summary:	The remote host is missing an update for the 'gdb' package(s) announced via the SUSE-SU-2024:0898-1 advisory.
Description:	Summary: The remote host is missing an update for the 'gdb' package(s) announced via the SUSE-SU-2024:0898-1 advisory. Vulnerability Insight: This update for gdb fixes the following issues: - Drop libdebuginfod1 BuildRequires/Recommends. The former isn't needed because there's a build requirement on libdebuginfod-devel already, which will pull the shared library. And the latter, because it's bogus since RPM auto generated dependency will take care of that requirement. gdb was released in 13.2: * This version of GDB includes the following changes and enhancements: * Support for the following new targets has been added in both GDB and GDBserver: * GNU/Linux/LoongArch (gdbserver) loongarch--linux* * GNU/Linux/CSKY (gdbserver) csky-linux* * The Windows native target now supports target async. * Floating-point support has now been added on LoongArch GNU/Linux. * New commands: * set print nibbles [onoff] * show print nibbles * This controls whether the 'print/t' command will display binary values in groups of four bits, known as 'nibbles'. The default is 'off'. Various styling-related commands. See the gdb/NEWS file for more details. Various maintenance commands. These are normally aimed at GDB experts or developers. See the gdb/NEWS file for more details. * Python API improvements: * New Python API for instruction disassembly. * The new attribute 'locations' of gdb.Breakpoint returns a list of gdb.BreakpointLocation objects specifying the locations where the breakpoint is inserted into the debuggee. * New Python type gdb.BreakpointLocation. * New function gdb.format_address(ADDRESS, PROGSPACE, ARCHITECTURE) that formats ADDRESS as 'address ' * New function gdb.current_language that returns the name of the current language. Unlike gdb.parameter('language'), this will never return 'auto'. * New function gdb.print_options that returns a dictionary of the prevailing print options, in the form accepted by gdb.Value.format_string. * New method gdb.Frame.language that returns the name of the frame's language. * gdb.Value.format_string now uses the format provided by 'print', if it is called during a 'print' or other similar operation. * gdb.Value.format_string now accepts the 'summary' keyword. This can be used to request a shorter representation of a value, the way that 'set print frame-arguments scalars' does. * The gdb.register_window_type method now restricts the set of acceptable window names. The first character of a window's name must start with a character in the set [a-zA-Z], every subsequent character of a window's name must be in the set [-_.a-zA-Z0-9]. * GDB/MI changes: * MI version 1 is deprecated, and will be removed in GDB 14. * The async record stating the stopped reason 'breakpoint-hit' now contains an optional field locno. * Miscellaneous improvements: * gdb now supports zstd compressed debug sections (ELFCOMPRESS_ZSTD) for ELF. * New convenience variable $_inferior_thread_count contains the number of live threads in the current inferior. * New ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'gdb' package(s) on openSUSE Leap 15.5. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-16829 https://security.gentoo.org/glsa/201811-17 Common Vulnerability Exposure (CVE) ID: CVE-2018-7208 BugTraq ID: 103077 http://www.securityfocus.com/bid/103077 RedHat Security Advisories: RHBA-2019:0327 https://access.redhat.com/errata/RHBA-2019:0327 RedHat Security Advisories: RHSA-2018:3032 https://access.redhat.com/errata/RHSA-2018:3032 SuSE Security Announcement: openSUSE-SU-2019:2415 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html SuSE Security Announcement: openSUSE-SU-2019:2432 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html Common Vulnerability Exposure (CVE) ID: CVE-2022-48064 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/ https://sourceware.org/bugzilla/show_bug.cgi?id=29922 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8f2c64de86bc3d7556121fe296dd679000283931
Copyright	Copyright (C) 2025 Greenbone AG