ALAS-2024-2685

Amazon Linux 2 Security Advisory: ALAS-2024-2685
Advisory Release Date: 2024-10-24 23:54 Pacific
Advisory Updated Date: 2024-10-31 18:00 Pacific

Severity: Low

References: CVE-2023-39128 CVE-2023-39129 CVE-2023-39130
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c. (CVE-2023-39128)

GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c. (CVE-2023-39129)

GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c. (CVE-2023-39130)

Affected Packages:

gdb

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update gdb to update your system.

New Packages:

aarch64:
    gdb-8.0.1-36.amzn2.0.2.aarch64
    gdb-gdbserver-8.0.1-36.amzn2.0.2.aarch64
    gdb-debuginfo-8.0.1-36.amzn2.0.2.aarch64

i686:
    gdb-8.0.1-36.amzn2.0.2.i686
    gdb-gdbserver-8.0.1-36.amzn2.0.2.i686
    gdb-debuginfo-8.0.1-36.amzn2.0.2.i686

noarch:
    gdb-doc-8.0.1-36.amzn2.0.2.noarch

src:
    gdb-8.0.1-36.amzn2.0.2.src

x86_64:
    gdb-8.0.1-36.amzn2.0.2.x86_64
    gdb-gdbserver-8.0.1-36.amzn2.0.2.x86_64
    gdb-debuginfo-8.0.1-36.amzn2.0.2.x86_64

Additional References

Red Hat: CVE-2023-39128, CVE-2023-39129, CVE-2023-39130

Mitre: CVE-2023-39128, CVE-2023-39129, CVE-2023-39130

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

ALAS-2024-2685

Additional References