gdb: Multiple vulnerabilities
Gentoo Linux Security Advisory
GLSA 200505-15 / gdb
May 20, 2005
May 22, 2006: 02
All supported architectures
#88398, #91398, #91654
Multiple vulnerabilities have been discovered in the GNU debugger,
potentially allowing the execution of arbitrary code.
gdb is the GNU project's debugger, facilitating the analysis and
debugging of applications. The BFD library provides a uniform method of
accessing a variety of object file formats.
Tavis Ormandy of the Gentoo Linux Security Audit Team discovered an
integer overflow in the BFD library, resulting in a heap overflow. A
review also showed that by default, gdb insecurely sources
initialisation files from the working directory.
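A pre-flight check for the working-directory issue described above, as an added example that is not part of the advisory or of gdb itself. It assumes the initialisation file is named `.gdbinit`; the function name `check_gdbinit` and the ownership and permission criteria are choices made for this illustration.

```shell
#!/bin/sh
# Added example: classify the gdb init file in a directory before
# starting a debugging session there.
# check_gdbinit is a hypothetical helper, not part of gdb or Gentoo.
# Prints a verdict; returns 0 when nothing untrusted would be sourced.

check_gdbinit() {
    cg_dir="${1:-.}"
    cg_file="$cg_dir/.gdbinit"

    # No init file in this directory (and no dangling symlink either).
    if [ ! -e "$cg_file" ] && [ ! -L "$cg_file" ]; then
        echo "absent"
        return 0
    fi

    # A symlink can point at content controlled by someone else.
    if [ -L "$cg_file" ]; then
        echo "untrusted: symlink"
        return 1
    fi

    # -O is true only if the file is owned by our effective user ID.
    if [ ! -O "$cg_file" ]; then
        echo "untrusted: owned by another user"
        return 1
    fi

    # Group- or world-writable files can be rewritten by other accounts.
    if [ -n "$(find "$cg_file" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "untrusted: writable by group or others"
        return 1
    fi

    echo "owned-private"
    return 0
}
```

Call `check_gdbinit /path/to/dir` before debugging in a directory you did not create, such as an unpacked archive or a shared build tree.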
Successful exploitation would result in the execution of arbitrary code
on loading a specially crafted object file or the execution of
There is no known workaround at this time.
All gdb users should upgrade to the latest stable version:
Code Listing 3.1: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-devel/gdb-6.3-r3"