<div class="container">
    <h1>Security update for gdb</h1>

    <table class="table table-striped table-bordered">
        <tbody>
        <tr>
            <th>Announcement ID:</th>
            <td>SUSE-SU-2024:0319-1</td>
        </tr>
        
        <tr>
            <th>Rating:</th>
            <td>moderate</td>
        </tr>
        <tr>
            <th>References:</th>
            <td>
                <ul>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1068950">bsc#1068950</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1081527">bsc#1081527</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1211052">bsc#1211052</a>
                        </li>
                    
                    
                        <li style="display: inline;">
                            <a href="https://jira.suse.com/browse/PED-6584">jsc#PED-6584</a>
                        </li>
                    
                </ul>
            </td>
        </tr>
        
            <tr>
                <th>
                    Cross-References:
                </th>
                <td>
                    <ul>
                    
                        <li style="display: inline;">
                            <a href="https://www.suse.com/security/cve/CVE-2017-16829.html">CVE-2017-16829</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://www.suse.com/security/cve/CVE-2018-7208.html">CVE-2018-7208</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://www.suse.com/security/cve/CVE-2022-4806.html">CVE-2022-4806</a>
                        </li>
                    
                    </ul>
                </td>
            </tr>
            <tr>
                <th>CVSS scores:</th>
                <td>
                    <ul class="list-group">
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2017-16829</span>
                                <span class="cvss-source">
                                    (
                                    
                                        SUSE
                                    
                                    ):
                                </span>
                                <span class="cvss-score">3.3</span>
                                <span class="cvss-vector">CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2017-16829</span>
                                <span class="cvss-source">
                                    (
                                    
                                        NVD
                                    
                                    ):
                                </span>
                                <span class="cvss-score">7.8</span>
                                <span class="cvss-vector">CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2018-7208</span>
                                <span class="cvss-source">
                                    (
                                    
                                        SUSE
                                    
                                    ):
                                </span>
                                <span class="cvss-score">3.3</span>
                                <span class="cvss-vector">CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2018-7208</span>
                                <span class="cvss-source">
                                    (
                                    
                                        NVD
                                    
                                    ):
                                </span>
                                <span class="cvss-score">7.8</span>
                                <span class="cvss-vector">CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2022-4806</span>
                                <span class="cvss-source">
                                    (
                                    
                                        NVD
                                    
                                    ):
                                </span>
                                <span class="cvss-score">5.3</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2022-4806</span>
                                <span class="cvss-source">
                                    (
                                    
                                        NVD
                                    
                                    ):
                                </span>
                                <span class="cvss-score">8.2</span>
                                <span class="cvss-vector">CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H</span>
                            </li>
                        
                    </ul>
                </td>
            </tr>
        
        <tr>
            <th>Affected Products:</th>
            <td>
                <ul class="list-group">
                    
                        <li class="list-group-item">SUSE Linux Enterprise High Performance Computing 12 SP5</li>
                    
                        <li class="list-group-item">SUSE Linux Enterprise Server 12 SP5</li>
                    
                        <li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 12 SP5</li>
                    
                        <li class="list-group-item">SUSE Linux Enterprise Software Development Kit 12 SP5</li>
                    
                </ul>
            </td>
        </tr>
        </tbody>
    </table>

    <p>An update that solves three vulnerabilities and contains one feature can now be installed.</p>

    


    
        <h2>Description:</h2>
    
    <p>This update for gdb fixes the following issues:</p>
<ul>
<li>Drop libdebuginfod1 BuildRequires/Recommends. The former isn&#x27;t
  needed because there&#x27;s a build requirement on libdebuginfod-devel
  already, which will pull the shared library. And the latter,
  because it&#x27;s bogus since RPM auto generated dependency will take
  care of that requirement.</li>
</ul>
<p>gdb was released in 13.2:</p>
<ul>
<li>
<p>This version of GDB includes the following changes and enhancements:</p>
</li>
<li>
<p>Support for the following new targets has been added in both GDB and GDBserver:</p>
<pre><code>* GNU/Linux/LoongArch (gdbserver) loongarch*-*-linux*
* GNU/Linux/CSKY (gdbserver) csky*-*linux*
</code></pre>
</li>
<li>
<p>The Windows native target now supports target async.</p>
</li>
<li>Floating-point support has now been added on LoongArch GNU/Linux.</li>
<li>
<p>New commands:</p>
<pre><code>* set print nibbles [on|off]
* show print nibbles

* This controls whether the &#x27;print/t&#x27; command will display binary values in groups of four bits, known as &quot;nibbles&quot;. The default is &#x27;off&#x27;.
  Various styling-related commands. See the gdb/NEWS file for more details.
  Various maintenance commands. These are normally aimed at GDB experts or developers. See the gdb/NEWS file for more details.
</code></pre>
</li>
<li>
<p>Python API improvements:</p>
<pre><code>  * New Python API for instruction disassembly.

  * The new attribute &#x27;locations&#x27; of gdb.Breakpoint returns a list of gdb.BreakpointLocation objects specifying the locations where the breakpoint is inserted into the debuggee.
  * New Python type gdb.BreakpointLocation.
  * New function gdb.format_address(ADDRESS, PROGSPACE, ARCHITECTURE) that formats ADDRESS as &#x27;address &#x27;
  * New function gdb.current_language that returns the name of the current language. Unlike gdb.parameter(&#x27;language&#x27;), this will never return &#x27;auto&#x27;.
  * New function gdb.print_options that returns a dictionary of the prevailing print options, in the form accepted by gdb.Value.format_string.
  * New method gdb.Frame.language that returns the name of the frame&#x27;s language.
  * gdb.Value.format_string now uses the format provided by &#x27;print&#x27;, if it is called during a &#x27;print&#x27; or other similar operation.
  * gdb.Value.format_string now accepts the &#x27;summary&#x27; keyword. This can be used to request a shorter representation of a value, the way that &#x27;set print frame-arguments scalars&#x27; does.
  * The gdb.register_window_type method now restricts the set of acceptable window names. The first character of a window&#x27;s name must start with a character in the set [a-zA-Z], every subsequent character of a window&#x27;s name must be in the set [-_.a-zA-Z0-9].
</code></pre>
<ul>
<li>
<p>GDB/MI changes:</p>
<ul>
<li>MI version 1 is deprecated, and will be removed in GDB 14.</li>
<li>The async record stating the stopped reason &#x27;breakpoint-hit&#x27; now contains an optional field locno. </li>
</ul>
</li>
</ul>
</li>
<li>
<p>Miscellaneous improvements:</p>
<pre><code>  * gdb now supports zstd compressed debug sections (ELFCOMPRESS_ZSTD) for ELF.
  * New convenience variable $_inferior_thread_count contains the number of live threads in the current inferior.
  * New convenience variables $_hit_bpnum and $_hit_locno, set to the breakpoint number and the breakpoint location number of the breakpoint last hit.
  * The &quot;info breakpoints&quot; now displays enabled breakpoint locations of disabled breakpoints as in the &quot;y-&quot; state.
  * The format of &#x27;disassemble /r&#x27; and &#x27;record instruction-history /r&#x27; has changed to match the layout of GNU objdump when disassembling.

  * A new format &quot;/b&quot; has been introduce to provide the old behavior of &quot;/r&quot;.
  * The TUI no longer styles the source and assembly code highlighted by the current position indicator by default. You can however re-enable styling using the new &quot;set style tui-current-position&quot; command.
  * It is now possible to use the &quot;document&quot; command to document user-defined commands.
  * Support for memory tag data for AArch64 MTE.
</code></pre>
</li>
<li>
<p>Support Removal notices:</p>
<pre><code>  * DBX mode has been removed.
  * Support for building against Python version 2 has been removed. It is now only possible to build GDB against Python 3.
  * Support for the following commands has been removed:

  * set debug aix-solib on|off
  * show debug aix-solib
  * set debug solib-frv on|off
  * show debug solib-frv

  * Use the &quot;set/show debug solib&quot; commands instead.
</code></pre>
</li>
</ul>
<p>See the NEWS file for a more complete and detailed list of what this release includes.</p>



    

    <h2>Patch Instructions:</h2>
    <p>
        To install this SUSE  update use the SUSE recommended
        installation methods like YaST online_update or "zypper patch".<br/>

        Alternatively you can run the command listed for your product:
    </p>
    <ul class="list-group">
        
            <li class="list-group-item">
                SUSE Linux Enterprise Software Development Kit 12 SP5
                
                    
                        <br/>
                        <code>zypper in -t patch SUSE-SLE-SDK-12-SP5-2024-319=1</code>
                    
                    
                
            </li>
        
            <li class="list-group-item">
                SUSE Linux Enterprise High Performance Computing 12 SP5
                
                    
                        <br/>
                        <code>zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-319=1</code>
                    
                    
                
            </li>
        
            <li class="list-group-item">
                SUSE Linux Enterprise Server 12 SP5
                
                    
                        <br/>
                        <code>zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-319=1</code>
                    
                    
                
            </li>
        
            <li class="list-group-item">
                SUSE Linux Enterprise Server for SAP Applications 12 SP5
                
                    
                        <br/>
                        <code>zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-319=1</code>
                    
                    
                
            </li>
        
    </ul>

    <h2>Package List:</h2>
    <ul>
        
            
                <li>
                    SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
                    <ul>
                        
                            <li>gdbserver-debuginfo-13.2-2.23.1</li>
                        
                            <li>gdbserver-13.2-2.23.1</li>
                        
                            <li>gdb-debuginfo-13.2-2.23.1</li>
                        
                            <li>gdb-debugsource-13.2-2.23.1</li>
                        
                    </ul>
                </li>
            
                <li>
                    SUSE Linux Enterprise Software Development Kit 12 SP5 (s390x)
                    <ul>
                        
                            <li>gdbserver-debuginfo-32bit-13.2-2.23.1</li>
                        
                            <li>gdbserver-32bit-13.2-2.23.1</li>
                        
                            <li>gdb-debuginfo-32bit-13.2-2.23.1</li>
                        
                    </ul>
                </li>
            
        
            
                <li>
                    SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
                    <ul>
                        
                            <li>gdb-debuginfo-13.2-2.23.1</li>
                        
                            <li>gdb-13.2-2.23.1</li>
                        
                            <li>gdb-debugsource-13.2-2.23.1</li>
                        
                    </ul>
                </li>
            
        
            
                <li>
                    SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
                    <ul>
                        
                            <li>gdb-debuginfo-13.2-2.23.1</li>
                        
                            <li>gdb-13.2-2.23.1</li>
                        
                            <li>gdb-debugsource-13.2-2.23.1</li>
                        
                    </ul>
                </li>
            
        
            
                <li>
                    SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
                    <ul>
                        
                            <li>gdb-debuginfo-13.2-2.23.1</li>
                        
                            <li>gdb-13.2-2.23.1</li>
                        
                            <li>gdb-debugsource-13.2-2.23.1</li>
                        
                    </ul>
                </li>
            
        
    </ul>

    
        <h2>References:</h2>
        <ul>
            
                
                    <li>
                        <a href="https://www.suse.com/security/cve/CVE-2017-16829.html">https://www.suse.com/security/cve/CVE-2017-16829.html</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://www.suse.com/security/cve/CVE-2018-7208.html">https://www.suse.com/security/cve/CVE-2018-7208.html</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://www.suse.com/security/cve/CVE-2022-4806.html">https://www.suse.com/security/cve/CVE-2022-4806.html</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1068950">https://bugzilla.suse.com/show_bug.cgi?id=1068950</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1081527">https://bugzilla.suse.com/show_bug.cgi?id=1081527</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1211052">https://bugzilla.suse.com/show_bug.cgi?id=1211052</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://jira.suse.com/browse/PED-6584">https://jira.suse.com/browse/PED-6584</a>
                    </li>
                
            
        </ul>
    
</div>