<div class="container">
<h1>Security update for gdb</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-SU-2024:4413-1</td>
</tr>
<tr>
<th>Release Date:</th>
<td>2024-12-23T19:42:03Z</td>
</tr>
<tr>
<th>Rating:</th>
<td>moderate</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1220490">bsc#1220490</a>
</li>
<li style="display: inline;">
<a href="https://jira.suse.com/browse/PED-10258">jsc#PED-10258</a>
</li>
<li style="display: inline;">
<a href="https://jira.suse.com/browse/PED-10751">jsc#PED-10751</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>
Cross-References:
</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2022-4806.html">CVE-2022-4806</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>CVSS scores:</th>
<td>
<ul class="list-group">
<li class="list-group-item">
<span class="cvss-reference">CVE-2022-4806</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.3</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2022-4806</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">8.2</span>
<span class="cvss-vector">CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H</span>
</li>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">SUSE Enterprise Storage 7.1</li>
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing 15 SP2</li>
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS</li>
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing 15 SP3</li>
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing LTSS 15 SP3</li>
<li class="list-group-item">SUSE Linux Enterprise Server 15 SP2</li>
<li class="list-group-item">SUSE Linux Enterprise Server 15 SP2 LTSS</li>
<li class="list-group-item">SUSE Linux Enterprise Server 15 SP3</li>
<li class="list-group-item">SUSE Linux Enterprise Server 15 SP3 LTSS</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 15 SP2</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 15 SP3</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that solves one vulnerability and contains two features can now be installed.</p>
<h2>Description:</h2>
<p>This update for gdb fixes the following issues:</p>
<p>Mention changes in GDB 14:</p>
<ul>
<li>GDB now supports the AArch64 Scalable Matrix Extension 2
(SME2), which includes a new 512 bit lookup table register
named ZT0.</li>
<li>GDB now supports the AArch64 Scalable Matrix Extension (SME),
which includes a new matrix register named ZA, a new thread
register TPIDR2 and a new vector length register SVG
(streaming vector granule). GDB also supports tracking ZA
state across signal frames. Some features are still under
development or are dependent on ABI specs that are still in
alpha stage. For example, manual function calls with ZA state
don't have any special handling, and tracking of SVG changes
based on DWARF information is still not implemented, but there
are plans to do so in the future.</li>
<li>GDB now recognizes the NO_COLOR environment variable and
disables styling according to the spec. See
https://no-color.org/. Styling can be re-enabled with
"set style enabled on".</li>
<li>The AArch64 'org.gnu.gdb.aarch64.pauth' Pointer Authentication
feature string has been deprecated in favor of the
'org.gnu.gdb.aarch64.pauth_v2' feature string.</li>
<li>GDB now has some support for integer types larger than 64 bits.</li>
<li>Multi-target feature configuration.
GDB now supports the individual configuration of remote
targets' feature sets. Based on the current selection of a
target, the commands 'set remote <name>-packet (on|off|auto)'
and 'show remote <name>-packet' can be used to configure a
target's feature packet and to display its configuration,
respectively.</li>
<li>GDB has initial built-in support for the Debugger Adapter
Protocol.</li>
<li>For the break command, multiple uses of the 'thread' or 'task'
keywords will now give an error instead of just using the
thread or task id from the last instance of the keyword. E.g.:
break foo thread 1 thread 2
will now give an error rather than using 'thread 2'.</li>
<li>For the watch command, multiple uses of the 'task' keyword will
now give an error instead of just using the task id from the
last instance of the keyword. E.g.:
watch my_var task 1 task 2
will now give an error rather than using 'task 2'. The
'thread' keyword already gave an error when used multiple times
with the watch command, this remains unchanged.</li>
<li>The 'set print elements' setting now helps when printing large
arrays. If an array would otherwise exceed max-value-size, but
'print elements' is set such that the size of elements to print
is less than or equal to 'max-value-size', GDB will now still
print the array, however only 'max-value-size' worth of data
will be added into the value history.</li>
<li>For both the break and watch commands, it is now invalid to use
both the 'thread' and 'task' keywords within the same command.
For example the following commnds will now give an error:
break foo thread 1 task 1
watch var thread 2 task 3</li>
<li>The printf command now accepts a '%V' output format which will
format an expression just as the 'print' command would. Print
options can be placed withing '[...]' after the '%V' to modify
how the value is printed. E.g:
printf "%V", some_array
printf "%V[-array-indexes on]", some_array
will print the array without, or with array indexes included,
just as the array would be printed by the 'print' command.
This functionality is also available for dprintf when
dprintf-style is 'gdb'.</li>
<li>When the printf command requires a string to be fetched from
the inferior, GDB now uses the existing 'max-value-size'
setting to the limit the memory allocated within GDB. The
default 'max-value-size' is 64k. To print longer strings you
should increase 'max-value-size'.</li>
<li>The Ada 2022 Enum_Rep and Enum_Val attributes are now
supported.</li>
<li>The Ada 2022 target name symbol ('@') is now supported by the
Ada expression parser.</li>
<li>The 'list' command now accepts '.' as an argument, which tells
GDB to print the location around the point of execution within
the current frame. If the inferior hasn't started yet, the
command will print around the beginning of the 'main' function.</li>
<li>Using the 'list' command with no arguments in a situation where
the command would attempt to list past the end of the file now
warns the user that the end of file has been reached, refers
the user to the newly added '.' argument</li>
<li>Breakpoints can now be inferior-specific. This is similar to
the existing thread-specific breakpoint support. Breakpoint
conditions can include the 'inferior' keyword followed by an
inferior id (as displayed in the 'info inferiors' output).
It is invalid to use the 'inferior' keyword with either the
'thread' or 'task' keywords when creating a breakpoint.</li>
<li>New convenience function "$_shell", to execute a shell command
and return the result. This lets you run shell commands in
expressions. Some examples:
(gdb) p $_shell("true")
$1 = 0
(gdb) p $_shell("false")
$2 = 1
(gdb) break func if $_shell("some command") == 0</li>
<li>
<p>New commands:</p>
</li>
<li>
<p>set debug breakpoint on|off
show debug breakpoint
Print additional debug messages about breakpoint insertion
and removal.</p>
</li>
<li>maintenance print record-instruction [ N ]
Print the recorded information for a given instruction. If N
is not given prints how GDB would undo the last instruction
executed. If N is negative, prints how GDB would undo the
N-th previous instruction, and if N is positive, it prints
how GDB will redo the N-th following instruction.</li>
<li>maintenance info frame-unwinders
List the frame unwinders currently in effect, starting with
the highest priority.</li>
<li>maintenance wait-for-index-cache
Wait until all pending writes to the index cache have
completed.</li>
<li>set always-read-ctf on|off
show always-read-ctf
When off, CTF is only read if DWARF is not present. When on,
CTF is read regardless of whether DWARF is present. Off by
default.</li>
<li>info main
Get main symbol to identify entry point into program.</li>
<li>
<p>set tui mouse-events [on|off]
show tui mouse-events
When on (default), mouse clicks control the TUI and can be
accessed by Python extensions. When off, mouse clicks are
handled by the terminal, enabling terminal-native text
selection.</p>
</li>
<li>
<p>MI changes:</p>
</li>
<li>
<p>MI version 1 has been removed.</p>
</li>
<li>mi now reports 'no-history' as a stop reason when hitting the
end of the reverse execution history.</li>
<li>When creating a thread-specific breakpoint using the '-p'
option, the -break-insert command would report the 'thread'
field twice in the reply. The content of both fields was
always identical. This has now been fixed; the 'thread'
field will be reported just once for thread-specific
breakpoints, or not at all for breakpoints without a thread
restriction. The same is also true for the 'task' field of
an Ada task-specific breakpoint.<ul>
<li>It is no longer possible to create a thread-specific
breakpoint for a thread that doesn't exist using
'-break-insert -p ID'. Creating breakpoints for
non-existent threads is not allowed when using the CLI, that
the MI allowed it was a long standing bug, which has now
been fixed.</li>
</ul>
</li>
<li>The '--simple-values' argument to the
'-stack-list-arguments','-stack-list-locals',
'-stack-list-variables', and '-var-list-children' commands now
takes reference types into account: that is, a value is now
considered simple if it is neither an array, structure, or
union, nor a reference to an array, structure, or union.
(Previously all references were considered simple.) Support
for this feature can be verified by using the
'-list-features' command, which should contain
"simple-values-ref-types".</li>
<li>The -break-insert command now accepts a '-g thread-group-id'
option to allow for the creation of inferior-specific
breakpoints.</li>
<li>
<p>The bkpt tuple, which appears in breakpoint-created
notifications, and in the result of the -break-insert
command can now include an optional 'inferior' field for both
the main breakpoint, and each location, when the breakpoint
is inferior-specific.</p>
</li>
<li>
<p>Python API:</p>
</li>
<li>
<p>gdb.ThreadExitedEvent added. Emits a ThreadEvent.</p>
</li>
<li>The gdb.unwinder.Unwinder.name attribute is now read-only.</li>
<li>The name argument passed to gdb.unwinder.Unwinder.<strong>init</strong>
must now be of type 'str' otherwise a TypeError will be
raised.</li>
<li>The gdb.unwinder.Unwinder.enabled attribute can now only
accept values of type 'bool'. Changing this attribute will
now invalidate GDB's frame-cache, which means GDB will need
to rebuild its frame-cache when next required - either with,
or without the particular unwinder, depending on how
'enabled' was changed.</li>
<li>New methods added to the gdb.PendingFrame class. These
methods have the same behaviour as the corresponding
methods on gdb.Frame. The new methods are:<ul>
<li>gdb.PendingFrame.name: Return the name for the frame's
function, or None.</li>
<li>gdb.PendingFrame.is_valid: Return True if the pending
frame object is valid.</li>
<li>gdb.PendingFrame.pc: Return the $pc register value for
this frame.</li>
<li>gdb.PendingFrame.language: Return a string containing the
language for this frame, or None.</li>
<li>gdb.PendingFrame.find_sal: Return a gdb.Symtab_and_line
object for the current location within the pending frame,
or None.</li>
<li>gdb.PendingFrame.block: Return a gdb.Block for the current
pending frame, or None.</li>
<li>gdb.PendingFrame.function: Return a gdb.Symbol for the
current pending frame, or None.</li>
</ul>
</li>
<li>The frame-id passed to gdb.PendingFrame.create_unwind_info
can now use either an integer or a gdb.Value object for each
of its 'sp', 'pc', and 'special' attributes.</li>
<li>A new class gdb.unwinder.FrameId has been added. Instances
of this class are constructed with 'sp' (stack-pointer) and
'pc' (program-counter) values, and can be used as the
frame-id when calling gdb.PendingFrame.create_unwind_info.</li>
<li>It is now no longer possible to sub-class the
gdb.disassembler.DisassemblerResult type.</li>
<li>The Disassembler API from the gdb.disassembler module has
been extended to include styling support:<ul>
<li>The DisassemblerResult class can now be initialized with a
list of parts. Each part represents part of the
disassembled instruction along with the associated style
information. This list of parts can be accessed with the
new DisassemblerResult.parts property.</li>
<li>New constants gdb.disassembler.STYLE_* representing all the
different styles part of an instruction might have.</li>
<li>New methods DisassembleInfo.text_part and
DisassembleInfo.address_part which are used to create the
new styled parts of a disassembled instruction.</li>
<li>Changes are backwards compatible, the older API can still
be used to disassemble instructions without styling.</li>
</ul>
</li>
<li>New function gdb.execute_mi(COMMAND, [ARG]...), that invokes
a GDB/MI command and returns the output as a Python
dictionary.</li>
<li>New function gdb.block_signals(). This returns a context
manager that blocks any signals that GDB needs to handle
itself.</li>
<li>New class gdb.Thread. This is a subclass of threading.Thread
that calls gdb.block_signals in its "start" method.</li>
<li>gdb.parse_and_eval now has a new "global_context" parameter.
This can be used to request that the parse only examine
global symbols.</li>
<li>gdb.Inferior now has a new "arguments" attribute. This holds
the command-line arguments to the inferior, if known.</li>
<li>gdb.Inferior now has a new "main_name" attribute. This holds
the name of the inferior's "main", if known.</li>
<li>gdb.Inferior now has new methods "clear_env", "set_env", and
"unset_env". These can be used to modify the inferior's
environment before it is started.</li>
<li>gdb.Value now has the 'assign' method.</li>
<li>gdb.Value now has the 'to_array' method. This converts an
array-like Value to an array.</li>
<li>gdb.Progspace now has the new method "objfile_for_address".
This returns the gdb.Objfile, if any, that covers a given
address.</li>
<li>gdb.Breakpoint now has an "inferior" attribute. If the
Breakpoint object is inferior specific then this attribute
holds the inferior-id (an integer). If the Breakpoint
object is not inferior specific, then this field contains
None. This field can be written too.</li>
<li>gdb.Type now has the "is_array_like" and "is_string_like"
methods. These reflect GDB's internal idea of whether a
type might be array- or string-like, even if they do not
have the corresponding type code.</li>
<li>gdb.ValuePrinter is a new class that can be used as the base
class for the result of applying a pretty-printer. As a
base class, it signals to gdb that the printer may implement
new pretty-printer methods.</li>
<li>New attribute Progspace.symbol_file. This attribute holds
the gdb.Objfile that corresponds to Progspace.filename (when
Progspace.filename is not None), otherwise, this attribute is
itself None.</li>
<li>New attribute Progspace.executable_filename. This attribute
holds a string containing a file name set by the "exec-file"
or "file" commands, or None if no executable file is set.
This isn't the exact string passed by the user to these
commands; the file name will have been partially resolved to
an absolute file name.</li>
<li>A new executable_changed event registry is available. This
event emits ExecutableChangedEvent objects, which have
'progspace' (a gdb.Progspace) and 'reload' (a Boolean)
attributes. This event is emitted when
gdb.Progspace.executable_filename changes.</li>
<li>New event registries gdb.events.new_progspace and
gdb.events.free_progspace, these emit NewProgspaceEvent and
FreeProgspaceEvent event types respectively. Both of these
event types have a single 'progspace' attribute, which is
the gdb.Progspace that is either being added to GDB, or
removed from GDB.</li>
<li>gdb.LazyString now implements the <strong>str</strong> method.</li>
<li>New method gdb.Frame.static_link that returns the outer
frame of a nested function frame.</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
SUSE Linux Enterprise Server 15 SP3 LTSS
<br/>
<code>zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-4413=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server for SAP Applications 15 SP2
<br/>
<code>zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-4413=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server for SAP Applications 15 SP3
<br/>
<code>zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-4413=1</code>
</li>
<li class="list-group-item">
SUSE Enterprise Storage 7.1
<br/>
<code>zypper in -t patch SUSE-Storage-7.1-2024-4413=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS
<br/>
<code>zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-4413=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
<br/>
<code>zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-4413=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server 15 SP2 LTSS
<br/>
<code>zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-4413=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
<ul>
<li>gdb-debuginfo-14.2-150100.8.45.1</li>
<li>gdbserver-14.2-150100.8.45.1</li>
<li>gdbserver-debuginfo-14.2-150100.8.45.1</li>
<li>gdb-14.2-150100.8.45.1</li>
<li>gdb-debugsource-14.2-150100.8.45.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
<ul>
<li>gdb-debuginfo-14.2-150100.8.45.1</li>
<li>gdbserver-14.2-150100.8.45.1</li>
<li>gdbserver-debuginfo-14.2-150100.8.45.1</li>
<li>gdb-14.2-150100.8.45.1</li>
<li>gdb-debugsource-14.2-150100.8.45.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
<ul>
<li>gdb-debuginfo-14.2-150100.8.45.1</li>
<li>gdbserver-14.2-150100.8.45.1</li>
<li>gdbserver-debuginfo-14.2-150100.8.45.1</li>
<li>gdb-14.2-150100.8.45.1</li>
<li>gdb-debugsource-14.2-150100.8.45.1</li>
</ul>
</li>
<li>
SUSE Enterprise Storage 7.1 (aarch64 x86_64)
<ul>
<li>gdb-debuginfo-14.2-150100.8.45.1</li>
<li>gdbserver-14.2-150100.8.45.1</li>
<li>gdbserver-debuginfo-14.2-150100.8.45.1</li>
<li>gdb-14.2-150100.8.45.1</li>
<li>gdb-debugsource-14.2-150100.8.45.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS (aarch64 x86_64)
<ul>
<li>gdb-debuginfo-14.2-150100.8.45.1</li>
<li>gdbserver-14.2-150100.8.45.1</li>
<li>gdbserver-debuginfo-14.2-150100.8.45.1</li>
<li>gdb-14.2-150100.8.45.1</li>
<li>gdb-debugsource-14.2-150100.8.45.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
<ul>
<li>gdb-debuginfo-14.2-150100.8.45.1</li>
<li>gdbserver-14.2-150100.8.45.1</li>
<li>gdbserver-debuginfo-14.2-150100.8.45.1</li>
<li>gdb-14.2-150100.8.45.1</li>
<li>gdb-debugsource-14.2-150100.8.45.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 15 SP2 LTSS (aarch64 ppc64le s390x x86_64)
<ul>
<li>gdb-debuginfo-14.2-150100.8.45.1</li>
<li>gdbserver-14.2-150100.8.45.1</li>
<li>gdbserver-debuginfo-14.2-150100.8.45.1</li>
<li>gdb-14.2-150100.8.45.1</li>
<li>gdb-debugsource-14.2-150100.8.45.1</li>
</ul>
</li>
</ul>
<h2>References:</h2>
<ul>
<li>
<a href="https://www.suse.com/security/cve/CVE-2022-4806.html">https://www.suse.com/security/cve/CVE-2022-4806.html</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1220490">https://bugzilla.suse.com/show_bug.cgi?id=1220490</a>
</li>
<li>
<a href="https://jira.suse.com/browse/PED-10258">https://jira.suse.com/browse/PED-10258</a>
</li>
<li>
<a href="https://jira.suse.com/browse/PED-10751">https://jira.suse.com/browse/PED-10751</a>
</li>
</ul>
</div>