Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

SUSE: Security Advisory (SUSE-SU-2024:4413-1)

🗓️ 24 Dec 2024 00:00:00Reported by Copyright (C) 2024 Greenbone AGType 
openvas
 openvas🔗 plugins.openvas.org👁 5 Views

SUSE Security Advisory updates 'gdb' package, addressing vulnerabilities and support improvements.

Show more
Related
Refs
Code
# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.4.2024.4413.1");
  script_cve_id("CVE-2022-4806");
  script_tag(name:"creation_date", value:"2024-12-24 04:16:40 +0000 (Tue, 24 Dec 2024)");
  script_version("2024-12-25T05:05:36+0000");
  script_tag(name:"last_modification", value:"2024-12-25 05:05:36 +0000 (Wed, 25 Dec 2024)");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2023-01-05 23:52:15 +0000 (Thu, 05 Jan 2023)");

  script_name("SUSE: Security Advisory (SUSE-SU-2024:4413-1)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2024 Greenbone AG");
  script_family("SuSE Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES15\.0SP2|SLES15\.0SP3)");

  script_xref(name:"Advisory-ID", value:"SUSE-SU-2024:4413-1");
  script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2024/suse-su-20244413-1/");
  script_xref(name:"URL", value:"https://no-color.org/");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'gdb' package(s) announced via the SUSE-SU-2024:4413-1 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"This update for gdb fixes the following issues:
Mention changes in GDB 14:

GDB now supports the AArch64 Scalable Matrix Extension 2
 (SME2), which includes a new 512 bit lookup table register
 named ZT0.
GDB now supports the AArch64 Scalable Matrix Extension (SME),
 which includes a new matrix register named ZA, a new thread
 register TPIDR2 and a new vector length register SVG
 (streaming vector granule). GDB also supports tracking ZA
 state across signal frames. Some features are still under
 development or are dependent on ABI specs that are still in
 alpha stage. For example, manual function calls with ZA state
 don't have any special handling, and tracking of SVG changes
 based on DWARF information is still not implemented, but there
 are plans to do so in the future.
GDB now recognizes the NO_COLOR environment variable and
 disables styling according to the spec. See
 [link moved to references]. Styling can be re-enabled with
 'set style enabled on'.
The AArch64 'org.gnu.gdb.aarch64.pauth' Pointer Authentication
 feature string has been deprecated in favor of the
 'org.gnu.gdb.aarch64.pauth_v2' feature string.
GDB now has some support for integer types larger than 64 bits.
Multi-target feature configuration.
 GDB now supports the individual configuration of remote
 targets' feature sets. Based on the current selection of a
 target, the commands 'set remote <name>-packet (on<pipe>off<pipe>auto)'
 and 'show remote <name>-packet' can be used to configure a
 target's feature packet and to display its configuration,
 respectively.
GDB has initial built-in support for the Debugger Adapter
 Protocol.
For the break command, multiple uses of the 'thread' or 'task'
 keywords will now give an error instead of just using the
 thread or task id from the last instance of the keyword. E.g.:
 break foo thread 1 thread 2
 will now give an error rather than using 'thread 2'.
For the watch command, multiple uses of the 'task' keyword will
 now give an error instead of just using the task id from the
 last instance of the keyword. E.g.:
 watch my_var task 1 task 2
 will now give an error rather than using 'task 2'. The
 'thread' keyword already gave an error when used multiple times
 with the watch command, this remains unchanged.
The 'set print elements' setting now helps when printing large
 arrays. If an array would otherwise exceed max-value-size, but
 'print elements' is set such that the size of elements to print
 is less than or equal to 'max-value-size', GDB will now still
 print the array, however only 'max-value-size' worth of data
 will be added into the value history.
For both the break and watch commands, it is now invalid to use
 both the 'thread' and 'task' keywords within the same command.
 For example the following commnds will now give an error:
 break foo thread 1 task 1
 watch var thread 2 task 3 The printf command now accepts a '%V' output format which will
 ... [Please see the references for more information on the vulnerabilities]");

  script_tag(name:"affected", value:"'gdb' package(s) on SUSE Enterprise Storage 7.1, SUSE Linux Enterprise High Performance Computing 15-SP2, SUSE Linux Enterprise High Performance Computing 15-SP3, SUSE Linux Enterprise Server 15-SP2, SUSE Linux Enterprise Server 15-SP3, SUSE Linux Enterprise Server for SAP Applications 15-SP2, SUSE Linux Enterprise Server for SAP Applications 15-SP3.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "SLES15.0SP2") {

  if(!isnull(res = isrpmvuln(pkg:"gdb", rpm:"gdb~14.2~150100.8.45.1", rls:"SLES15.0SP2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"gdb-debuginfo", rpm:"gdb-debuginfo~14.2~150100.8.45.1", rls:"SLES15.0SP2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"gdb-debugsource", rpm:"gdb-debugsource~14.2~150100.8.45.1", rls:"SLES15.0SP2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"gdbserver", rpm:"gdbserver~14.2~150100.8.45.1", rls:"SLES15.0SP2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"gdbserver-debuginfo", rpm:"gdbserver-debuginfo~14.2~150100.8.45.1", rls:"SLES15.0SP2"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "SLES15.0SP3") {

  if(!isnull(res = isrpmvuln(pkg:"gdb", rpm:"gdb~14.2~150100.8.45.1", rls:"SLES15.0SP3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"gdb-debuginfo", rpm:"gdb-debuginfo~14.2~150100.8.45.1", rls:"SLES15.0SP3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"gdb-debugsource", rpm:"gdb-debugsource~14.2~150100.8.45.1", rls:"SLES15.0SP3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"gdbserver", rpm:"gdbserver~14.2~150100.8.45.1", rls:"SLES15.0SP3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"gdbserver-debuginfo", rpm:"gdbserver-debuginfo~14.2~150100.8.45.1", rls:"SLES15.0SP3"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
24 Dec 2024 00:00Current
5.4Medium risk
Vulners AI Score5.4
CVSS35.3 - 8.2
suse security advisorygdb package updatevulnerability fixaarch64 supportcve-2022-4806
5
.json
Report