Security Advisory for gdb missing update announced via SUSE-SU-2024:4414-1.
Reporter | Title | Published | Views | Family All 13 |
---|---|---|---|---|
![]() | CVE-2022-4806 | 28 Dec 202214:15 | – | cve |
![]() | usememos/memos Improper Access Control vulnerability | 28 Dec 202215:30 | – | github |
![]() | Insecure Direct Object References(IDOR) | 2 Jan 202310:09 | – | veracode |
![]() | CVE-2022-4806 Authorization Bypass Through User-Controlled Key in usememos/memos | 28 Dec 202200:00 | – | cvelist |
![]() | SUSE: Security Advisory (SUSE-SU-2024:4413-1) | 24 Dec 202400:00 | – | openvas |
![]() | SUSE: Security Advisory (SUSE-SU-2024:4414-1) | 24 Dec 202400:00 | – | openvas |
![]() | usememos/memos Improper Access Control vulnerability | 28 Dec 202215:30 | – | osv |
![]() | CVE-2022-4806 | 28 Dec 202214:15 | – | osv |
![]() | usememos/memos Improper Access Control vulnerability in github.com/usememos/memos | 21 Aug 202416:04 | – | osv |
![]() | gdb-13.2-3.1 on GA media | 15 Jun 202400:00 | – | osv |
# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.856876");
script_version("2024-12-25T05:05:36+0000");
script_cve_id("CVE-2022-4806");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:P/A:N");
script_tag(name:"last_modification", value:"2024-12-25 05:05:36 +0000 (Wed, 25 Dec 2024)");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2023-01-05 23:52:15 +0000 (Thu, 05 Jan 2023)");
script_tag(name:"creation_date", value:"2024-12-24 05:00:23 +0000 (Tue, 24 Dec 2024)");
script_name("openSUSE: Security Advisory for gdb (SUSE-SU-2024:4414-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2024 Greenbone AG");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse", "ssh/login/rpms", re:"ssh/login/release=(openSUSELeap15\.6|openSUSELeap15\.4|openSUSELeap15\.5)");
script_xref(name:"Advisory-ID", value:"SUSE-SU-2024:4414-1");
script_xref(name:"URL", value:"https://lists.opensuse.org/archives/list/[email protected]/thread/XADET6R2KJRSII5ZV36JUKWSLM6HXUVH");
script_tag(name:"summary", value:"The remote host is missing an update for the 'gdb'
package(s) announced via the SUSE-SU-2024:4414-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"This update for gdb fixes the following issues:
Mention changes in GDB 14:
* GDB now supports the AArch64 Scalable Matrix Extension 2 (SME2), which
includes a new 512 bit lookup table register named ZT0.
* The AArch64 'org.gnu.gdb.aarch64.pauth' Pointer Authentication feature
string has been deprecated in favor of the 'org.gnu.gdb.aarch64.pauth_v2'
feature string.
* GDB now has some support for integer types larger than 64 bits.
* Multi-target feature configuration. GDB now supports the individual
configuration of remote targets' feature sets. Based on the current
selection of a target, the commands 'set remote name>-packet (onoffauto)'
and 'show remote name>-packet' can be used to configure a target's feature
packet and to display its configuration, respectively.
* GDB has initial built-in support for the Debugger Adapter Protocol.
* For the break command, multiple uses of the 'thread' or 'task' keywords will
now give an error instead of just using the thread or task id from the last
instance of the keyword. E.g.: break foo thread 1 thread 2 will now give an
error rather than using 'thread 2'.
* For the watch command, multiple uses of the 'task' keyword will now give an
error instead of just using the task id from the last instance of the
keyword. E.g.: watch my_var task 1 task 2 will now give an error rather than
using 'task 2'. The 'thread' keyword already gave an error when used
multiple times with the watch command, this remains unchanged.
* The 'set print elements' setting now helps when printing large arrays. If an
array would otherwise exceed max-value-size, but 'print elements' is set
such that the size of elem ...
Description truncated. Please see the references for more information.");
script_tag(name:"affected", value:"'gdb' package(s) on openSUSE Leap 15.4, openSUSE Leap 15.5, openSUSE Leap 15.6.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "openSUSELeap15.6") {
if(!isnull(res = isrpmvuln(pkg:"gdb-debugsource", rpm:"gdb-debugsource~14.2~150400.15.20.1", rls:"openSUSELeap15.6"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"gdb-debuginfo", rpm:"gdb-debuginfo~14.2~150400.15.20.1", rls:"openSUSELeap15.6"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"gdbserver", rpm:"gdbserver~14.2~150400.15.20.1", rls:"openSUSELeap15.6"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"gdb", rpm:"gdb~14.2~150400.15.20.1", rls:"openSUSELeap15.6"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"gdbserver-debuginfo", rpm:"gdbserver-debuginfo~14.2~150400.15.20.1", rls:"openSUSELeap15.6"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"gdb-testresults", rpm:"gdb-testresults~14.2~150400.15.20.1", rls:"openSUSELeap15.6"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "openSUSELeap15.4") {
if(!isnull(res = isrpmvuln(pkg:"gdb-debugsource", rpm:"gdb-debugsource~14.2~150400.15.20.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"gdb-debuginfo", rpm:"gdb-debuginfo~14.2~150400.15.20.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"gdbserver", rpm:"gdbserver~14.2~150400.15.20.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"gdb", rpm:"gdb~14.2~150400.15.20.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"gdbserver-debuginfo", rpm:"gdbserver-debuginfo~14.2~150400.15.20.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"gdb-testresults", rpm:"gdb-testresults~14.2~150400.15.20.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"gdbserver-64bit", rpm:"gdbserver-64bit~14.2~150400.15.20.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"gdb-64bit-debuginfo", rpm:"gdb-64bit-debuginfo~14.2~150400.15.20.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"gdbserver-64bit-debuginfo", rpm:"gdbserver-64bit-debuginfo~14.2~150400.15.20.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"gdb-64bit", rpm:"gdb-64bit~14.2~150400.15.20.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "openSUSELeap15.5") {
if(!isnull(res = isrpmvuln(pkg:"gdb-debugsource", rpm:"gdb-debugsource~14.2~150400.15.20.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"gdb-debuginfo", rpm:"gdb-debuginfo~14.2~150400.15.20.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"gdbserver", rpm:"gdbserver~14.2~150400.15.20.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"gdb", rpm:"gdb~14.2~150400.15.20.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"gdbserver-debuginfo", rpm:"gdbserver-debuginfo~14.2~150400.15.20.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"gdb-testresults", rpm:"gdb-testresults~14.2~150400.15.20.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo