<div class="container">
<h1>Security update for gdb</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-SU-2023:2485-1</td>
</tr>
<tr>
<th>Rating:</th>
<td>moderate</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1068950">#1068950</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1081527">#1081527</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1192285">#1192285</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1207712">#1207712</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1210081">#1210081</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>
Cross-References:
</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2017-16829.html">CVE-2017-16829</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2018-7208.html">CVE-2018-7208</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>CVSS scores:</th>
<td>
<ul class="list-group">
<li class="list-group-item">
<span class="cvss-reference">CVE-2017-16829</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">3.3</span>
<span class="cvss-vector">CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2017-16829</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.8</span>
<span class="cvss-vector">CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2018-7208</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">3.3</span>
<span class="cvss-vector">CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2018-7208</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.8</span>
<span class="cvss-vector">CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</span>
</li>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing 12 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Server 12 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 12 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Software Development Kit 12 SP5</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that solves two vulnerabilities, contains two features and has three fixes can now be installed.</p>
<h2>Description:</h2>
<p>This update for gdb fixes the following issues:</p>
<p>gdb was updated to 12.1. (jsc#SLE-21561)</p>
<ul>
<li>
<p>DBX mode is deprecated, and will be removed in GDB 13.</p>
</li>
<li>
<p>GDB 12 is the last release of GDB that will support building against
Python 2. From GDB 13, it will only be possible to build GDB itself
with Python 3 support.</p>
</li>
<li>
<p>Improved C++ template support:</p>
</li>
</ul>
<p>GDB now treats functions/types involving C++ templates like it does function
overloads. Users may omit parameter lists to set breakpoints on families of
template functions, including types/functions composed of multiple template types:
(gdb) break template_func(template_1, int)
The above will set breakpoints at every function <code>template_func' where
the first function parameter is any template type named</code>template_1' and
the second function parameter is `int'.
TAB completion also gains similar improvements.</p>
<ul>
<li>
<p>New commands:</p>
</li>
<li>
<p>maint set backtrace-on-fatal-signal on|off</p>
</li>
<li>maint show backtrace-on-fatal-signal</li>
</ul>
<p>This setting is 'on' by default. When 'on' GDB will print a limited
backtrace to stderr in the situation where GDB terminates with a
fatal signal. This only supported on some platforms where the
backtrace and backtrace_symbols_fd functions are available.</p>
<ul>
<li>set source open on|off</li>
<li>show source open</li>
</ul>
<p>This setting, which is on by default, controls whether GDB will try
to open source code files. Switching this off will stop GDB trying
to open and read source code files, which can be useful if the files
are located over a slow network connection.</p>
<ul>
<li>set varsize-limit</li>
<li>show varsize-limit</li>
</ul>
<p>These are now deprecated aliases for "set max-value-size" and
"show max-value-size".</p>
<ul>
<li>task apply [all | TASK-IDS...] [FLAG]... COMMAND</li>
</ul>
<p>Like "thread apply", but applies COMMAND to Ada tasks.</p>
<ul>
<li>watch [...] task ID</li>
</ul>
<p>Watchpoints can now be restricted to a specific Ada task.</p>
<ul>
<li>maint set internal-error backtrace on|off</li>
<li>maint show internal-error backtrace</li>
<li>maint set internal-warning backtrace on|off</li>
<li>maint show internal-warning backtrace</li>
</ul>
<p>GDB can now print a backtrace of itself when it encounters either an
internal-error, or an internal-warning. This is on by default for
internal-error and off by default for internal-warning.</p>
<ul>
<li>set logging on|off</li>
</ul>
<p>Deprecated and replaced by "set logging enabled on|off".</p>
<ul>
<li>set logging enabled on|off</li>
<li>show logging enabled</li>
</ul>
<p>These commands set or show whether logging is enabled or disabled.</p>
<ul>
<li>exit</li>
</ul>
<p>You can now exit GDB by using the new command "exit", in addition to
the existing "quit" command.</p>
<ul>
<li>set debug threads on|off</li>
<li>show debug threads</li>
</ul>
<p>Print additional debug messages about thread creation and deletion.</p>
<ul>
<li>set debug linux-nat on|off</li>
<li>show debug linux-nat</li>
</ul>
<p>These new commands replaced the old 'set debug lin-lwp' and 'show
debug lin-lwp' respectively. Turning this setting on prints debug
messages relating to GDB's handling of native Linux inferiors.</p>
<ul>
<li>maint flush source-cache</li>
</ul>
<p>Flush the contents of the source code cache.</p>
<ul>
<li>maint set gnu-source-highlight enabled on|off</li>
<li>maint show gnu-source-highlight enabled</li>
</ul>
<p>Whether GDB should use the GNU Source Highlight library for adding
styling to source code. When off, the library will not be used, even
when available. When GNU Source Highlight isn't used, or can't add
styling to a particular source file, then the Python Pygments
library will be used instead.</p>
<ul>
<li>set suppress-cli-notifications (on|off)</li>
<li>show suppress-cli-notifications</li>
</ul>
<p>This controls whether printing the notifications is suppressed for CLI.
CLI notifications occur when you change the selected context
(i.e., the current inferior, thread and/or the frame), or when
the program being debugged stops (e.g., because of hitting a
breakpoint, completing source-stepping, an interrupt, etc.).</p>
<ul>
<li>set style disassembler enabled on|off</li>
<li>show style disassembler enabled</li>
</ul>
<p>If GDB is compiled with Python support, and the Python Pygments
package is available, then, when this setting is on, disassembler
output will have styling applied.</p>
<ul>
<li>set ada source-charset</li>
<li>show ada source-charset</li>
</ul>
<p>Set the character set encoding that is assumed for Ada symbols. Valid
values for this follow the values that can be passed to the GNAT
compiler via the '-gnati' option. The default is ISO-8859-1.</p>
<ul>
<li>
<p>Changed commands:</p>
</li>
<li>
<p>print</p>
</li>
</ul>
<p>Printing of floating-point values with base-modifying formats like
/x has been changed to display the underlying bytes of the value in
the desired base. This was GDB's documented behavior, but was never
implemented correctly.</p>
<ul>
<li>maint packet</li>
</ul>
<p>This command can now print a reply, if the reply includes
non-printable characters. Any non-printable characters are printed
as escaped hex, e.g. \x?? where '??' is replaces with the value of
the non-printable character.</p>
<ul>
<li>
<p>clone-inferior
The clone-inferior command now ensures that the TTY, CMD and ARGS
settings are copied from the original inferior to the new one.
All modifications to the environment variables done using the 'set
environment' or 'unset environment' commands are also copied to the new
inferior.</p>
</li>
<li>
<p>set debug lin-lwp on|off</p>
</li>
<li>show debug lin-lwp</li>
</ul>
<p>These commands have been removed from GDB. The new command 'set
debug linux-nat' and 'show debug linux-nat' should be used
instead.</p>
<ul>
<li>info win</li>
</ul>
<p>This command now includes information about the width of the tui
windows in its output.</p>
<ul>
<li>
<p>GDB's Ada parser now supports an extension for specifying the exact
byte contents of a floating-point literal. This can be useful for
setting floating-point registers to a precise value without loss of
precision. The syntax is an extension of the based literal syntax.
Use, e.g., "16lf#0123abcd#" -- the number of "l"s controls the width
of the floating-point type, and the "f" is the marker for floating
point.</p>
</li>
<li>
<p>MI changes:</p>
</li>
</ul>
<p>** The '-add-inferior' with no option flags now inherits the
connection of the current inferior, this restores the behaviour of
GDB as it was prior to GDB 10.</p>
<p>** The '-add-inferior' command now accepts a '--no-connection'
option, which causes the new inferior to start without a
connection.</p>
<ul>
<li>Python API:</li>
</ul>
<p>** New function gdb.add_history(), which takes a gdb.Value object
and adds the value it represents to GDB's history list. An
integer, the index of the new item in the history list, is
returned.</p>
<p>** New function gdb.history_count(), which returns the number of
values in GDB's value history.</p>
<p>** New gdb.events.gdb_exiting event. This event is called with a
gdb.GdbExitingEvent object which has the read-only attribute
'exit_code', which contains the value of the GDB exit code. This
event is triggered once GDB decides it is going to exit, but
before GDB starts to clean up its internal state.</p>
<p>** New function gdb.architecture_names(), which returns a list
containing all of the possible Architecture.name() values. Each
entry is a string.</p>
<p>** New function gdb.Architecture.integer_type(), which returns an
integer type given a size and a signed-ness.</p>
<p>** New gdb.TargetConnection object type that represents a connection
(as displayed by the 'info connections' command). A sub-class,
gdb.RemoteTargetConnection, is used to represent 'remote' and
'extended-remote' connections.</p>
<p>** The gdb.Inferior type now has a 'connection' property which is an
instance of gdb.TargetConnection, the connection used by this
inferior. This can be None if the inferior has no connection.</p>
<p>** New 'gdb.events.connection_removed' event registry, which emits a
'gdb.ConnectionEvent' when a connection is removed from GDB.
This event has a 'connection' property, a gdb.TargetConnection
object for the connection being removed.</p>
<p>** New gdb.connections() function that returns a list of all
currently active connections.</p>
<p>** New gdb.RemoteTargetConnection.send_packet(PACKET) method. This
is equivalent to the existing 'maint packet' CLI command; it
allows a user specified packet to be sent to the remote target.</p>
<p>** New function gdb.host_charset(), returns a string, which is the
name of the current host charset.</p>
<p>** New gdb.set_parameter(NAME, VALUE). This sets the gdb parameter
NAME to VALUE.</p>
<p>** New gdb.with_parameter(NAME, VALUE). This returns a context
manager that temporarily sets the gdb parameter NAME to VALUE,
then resets it when the context is exited.</p>
<p>** The gdb.Value.format_string method now takes a 'styling'
argument, which is a boolean. When true, the returned string can
include escape sequences to apply styling. The styling will only
be present if styling is otherwise turned on in GDB (see 'help
set styling'). When false, which is the default if the argument
is not given, then no styling is applied to the returned string.</p>
<p>** New read-only attribute gdb.InferiorThread.details, which is
either a string, containing additional, target specific thread
state information, or None, if there is no such additional
information.</p>
<p>** New read-only attribute gdb.Type.is_scalar, which is True for
scalar types, and False for all other types.</p>
<p>** New read-only attribute gdb.Type.is_signed. This attribute
should only be read when Type.is_scalar is True, and will be True
for signed types, and False for all other types. Attempting to
read this attribute for non-scalar types will raise a ValueError.</p>
<p>** It is now possible to add GDB/MI commands implemented in Python.</p>
<ul>
<li>
<p>Update libipt to v2.0.5.</p>
</li>
<li>
<p>CVE-2018-7208: Fixed improper bounds check in coffgen.c:coff_pointerize_aux() that allowed for denial of service when parsing a crafted COFF file (bsc#1081527).</p>
</li>
<li>CVE-2017-16829: Fixed possible remote denial of service via the _bfd_elf_parse_gnu_properties() function in elf-properties.c (bsc#1068950).</li>
</ul>
<p>Bug fixes:</p>
<ul>
<li>Fixed license (bsc#1210081).</li>
<li>Advertises RHEL version support status (bsc#1207712).</li>
<li>Fixed crashes while debugging a clang-cpp app (bsc#1192285).</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE Moderate update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
SUSE Linux Enterprise Software Development Kit 12 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2485=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise High Performance Computing 12 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2485=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server 12 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2485=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server for SAP Applications 12 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2485=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
<ul>
<li>gdb-debuginfo-12.1-2.20.1</li>
<li>gdb-debugsource-12.1-2.20.1</li>
<li>gdbserver-12.1-2.20.1</li>
<li>gdbserver-debuginfo-12.1-2.20.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Software Development Kit 12 SP5 (s390x)
<ul>
<li>gdb-debuginfo-32bit-12.1-2.20.1</li>
<li>gdbserver-debuginfo-32bit-12.1-2.20.1</li>
<li>gdbserver-32bit-12.1-2.20.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
<ul>
<li>gdb-12.1-2.20.1</li>
<li>gdb-debugsource-12.1-2.20.1</li>
<li>gdb-debuginfo-12.1-2.20.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
<ul>
<li>gdb-12.1-2.20.1</li>
<li>gdb-debugsource-12.1-2.20.1</li>
<li>gdb-debuginfo-12.1-2.20.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
<ul>
<li>gdb-12.1-2.20.1</li>
<li>gdb-debugsource-12.1-2.20.1</li>
<li>gdb-debuginfo-12.1-2.20.1</li>
</ul>
</li>
</ul>
<h2>References:</h2>
<ul>
<li>
<a href="https://www.suse.com/security/cve/CVE-2017-16829.html">https://www.suse.com/security/cve/CVE-2017-16829.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2018-7208.html">https://www.suse.com/security/cve/CVE-2018-7208.html</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1068950">https://bugzilla.suse.com/show_bug.cgi?id=1068950</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1081527">https://bugzilla.suse.com/show_bug.cgi?id=1081527</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1192285">https://bugzilla.suse.com/show_bug.cgi?id=1192285</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1207712">https://bugzilla.suse.com/show_bug.cgi?id=1207712</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1210081">https://bugzilla.suse.com/show_bug.cgi?id=1210081</a>
</li>
<li>
<a href="https://jira.suse.com/browse/SLE-21561">https://jira.suse.com/browse/SLE-21561</a>
</li>
<li>
<a href="https://jira.suse.com/browse/SLE-22287">https://jira.suse.com/browse/SLE-22287</a>
</li>
</ul>
</div>