(RHSA-2007:0229) Low: gdb security and bug fix update

GDB, the GNU debugger, allows debugging of programs written in C, C++, and
other languages by executing them in a controlled fashion and then printing
their data.

Various buffer overflows and underflows were found in the DWARF expression
computation stack in GDB. If a user loaded an executable containing
malicious debugging information into GDB, an attacker might be able to
execute arbitrary code with the privileges of the user. (CVE-2006-4146)

This updated package also addresses the following issues:

• Fixed bogus 0x0 unwind of the thread’s topmost function clone(3).

• Fixed deadlock accessing invalid address; for corrupted backtraces.

• Fixed a race which occasionally left the detached processes stopped.

• Fixed ‘gcore’ command for 32bit debugged processes on 64bit hosts.

• Added support for TLS ‘errno’ for threaded programs missing its ‘-debuginfo’ package…

• Suggest TLS ‘errno’ resolving by hand if no threading was found…

• Added a fix to prevent stepping into asynchronously invoked signal handlers.

• Added a fix to avoid false warning on shared objects bfd close on Itanium.

• Fixed segmentation fault on the source display by ^X 1.

• Fixed object names keyboard completion.

• Added a fix to avoid crash of ‘info threads’ if stale threads exist.

• Fixed a bug where shared libraries occasionally failed to load .

• Fixed handling of exec() called by a threaded debugged program.

• Fixed rebuilding requirements of the gdb package itself on multilib systems.

• Fixed source directory pathname detection for the edit command.

All users of gdb should upgrade to this updated package, which contains
backported patches to resolve these issues.