A new update is available for Fedora Core - [SECURITY] Fedora Core 3 Update: gdb-6.1post-1.20040607.43.0.1. Here the announcement:
Fedora Update Notification
FEDORA-2005-1032
2005-10-27
---------------------------------------------------------------------
Product : Fedora Core 3
Name : gdb
Version : 6.1post
Release : 1.20040607.43.0.1
Summary : A GNU source-level debugger for C, C++ and other languages.
Description :
GDB, the GNU debugger, allows you to debug programs written in C, C++,
and other languages, by executing them in a controlled fashion and
printing their data.
---------------------------------------------------------------------
Update Information:
This is an fc3 update for gdb regarding security issues:
CAN-2005-1704 Integer Overflow in gdb
This problem is that gdb's internal copy of bfd
does not protect against heap-based overflow.
CAN-2005-1705 gdb arbitrary command execution
This problem allows unprotected .gdbinit files
to execute arbitrary commands during gdb startup.
Fixes for both problems are found in:
gdb-6.1post-1.20040607.43.0.1
---------------------------------------------------------------------
* Tue Oct 4 2005 Jeff Johnston <jjohnstn@redhat.com> 1.200400607.43.0.1
- Security errata to handle untrusted .gdbinit and bfd integer overflow.
- Bugzilla 158683 and bugzilla 158686
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
b8b1221e0bee3f36f56d97a5a14f967e SRPMS/gdb-6.1post-1.20040607.43.0.1.src.rpm
5888949940a560c9ba95df6e06d844c1 x86_64/gdb-6.1post-1.20040607.43.0.1.x86_64.rpm
503a943143b7d0493f138db9d3884829 x86_64/debug/gdb-debuginfo-6.1post-1.20040607.43.0.1.x86_64.rpm
1c0c3d31110fef65ebde55bc1c77bde1 i386/gdb-6.1post-1.20040607.43.0.1.i386.rpm
36c25e23d587ebf23099e4bf300e8ae2 i386/debug/gdb-debuginfo-6.1post-1.20040607.43.0.1.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.