Package: gdb
Version: 6.3-5
Severity: grave
Tags: security
Justification: user security hole

An integer overflow in parsing ELF segment headers has been found that
can potentially be exploited to corrupt the heap and execute arbitrary
code. See http://bugs.gentoo.org/show_bug.cgi?id=91398 for a crafted test
binary (without malicious effects) and pointers to more information.

SuSE supposedly has prepared a patch, but I couldn't find it yet.

Cheers,
Moritz

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages gdb depends on:
ii  libc6         2.3.2.ds1-21  GNU C Library: Shared libraries an
ii  libncurses5   5.4-4         Shared libraries for terminal hand
ii  libreadline4  4.3-15        GNU readline and history libraries

-- no debconf information