USN-356-1: gdb vulnerability

2 October 2006

gdb vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 6.06 LTS
  • Ubuntu 5.10
  • Ubuntu 5.04

Software Description

Details

Will Drewry, of the Google Security Team, discovered buffer overflows in GDB’s DWARF processing. This would allow an attacker to execute arbitrary code with user privileges by tricking the user into using GDB to load an executable that contained malicious debugging information.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 6.06 LTS
gdb - 6.4-1ubuntu5.1
Ubuntu 5.10
gdb - 6.3-6ubuntu2.1
Ubuntu 5.04
gdb - 6.3-5ubuntu1.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system upgrade is sufficient to effect the necessary changes.

References