SB2023061216 - SUSE update for gdb
Published: June 12, 2023
Security Bulletin ID
SB2023061216
Severity
Medium
Patch available
YES
Number of vulnerabilities
2
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2017-16829)
The vulnerability allows a remote attacker to gain access to perform denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the elf-properties.c function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed file. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and crash the affected application.
2) Improper input validation (CVE-ID: CVE-2018-7208)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists in the coff_pointerize_aux function in the coffgen.c source code due to insufficient validation of an index. A remote attacker can create a specially crafted COFF file, trick the victim into opening it, trigger a segmentation fault and cause the service to crash.
Remediation
Install update from vendor's website.