An update for crash is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2022-2002
Final
1.0
1.0
2022-10-21
Initial
2022-10-21
2022-10-21
openEuler SA Tool V1.0
2022-10-21
crash security update
An update for crash is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS.
The core analysis suite is a self-contained tool that can be used to investigate either live systems, kernel core dumps created from dump creation facilities such as kdump, kvmdump, xendump, the netdump and diskdump packages offered by Red Hat, the LKCD kernel patch, the mcore kernel patch created by Mission Critical Linux, as well as other formats created by manufacturer-specific firmware.
Security Fix(es):
GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet.(CVE-2019-1010180)
An update for crash is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS.
openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
High
crash
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2002
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2019-1010180
https://nvd.nist.gov/vuln/detail/CVE-2019-1010180
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
crash-7.2.8-4.oe1.aarch64.rpm
crash-devel-7.2.8-4.oe1.aarch64.rpm
crash-debuginfo-7.2.8-4.oe1.aarch64.rpm
crash-debugsource-7.2.8-4.oe1.aarch64.rpm
crash-debuginfo-7.2.8-4.oe1.aarch64.rpm
crash-devel-7.2.8-4.oe1.aarch64.rpm
crash-7.2.8-4.oe1.aarch64.rpm
crash-debugsource-7.2.8-4.oe1.aarch64.rpm
crash-devel-7.3.0-6.oe2203.aarch64.rpm
crash-debugsource-7.3.0-6.oe2203.aarch64.rpm
crash-debuginfo-7.3.0-6.oe2203.aarch64.rpm
crash-7.3.0-6.oe2203.aarch64.rpm
crash-help-7.2.8-4.oe1.noarch.rpm
crash-help-7.2.8-4.oe1.noarch.rpm
crash-help-7.3.0-6.oe2203.noarch.rpm
crash-7.2.8-4.oe1.src.rpm
crash-7.2.8-4.oe1.src.rpm
crash-7.3.0-6.oe2203.src.rpm
crash-debugsource-7.2.8-4.oe1.x86_64.rpm
crash-devel-7.2.8-4.oe1.x86_64.rpm
crash-7.2.8-4.oe1.x86_64.rpm
crash-debuginfo-7.2.8-4.oe1.x86_64.rpm
crash-7.2.8-4.oe1.x86_64.rpm
crash-devel-7.2.8-4.oe1.x86_64.rpm
crash-debuginfo-7.2.8-4.oe1.x86_64.rpm
crash-debugsource-7.2.8-4.oe1.x86_64.rpm
crash-debuginfo-7.3.0-6.oe2203.x86_64.rpm
crash-debugsource-7.3.0-6.oe2203.x86_64.rpm
crash-devel-7.3.0-6.oe2203.x86_64.rpm
crash-7.3.0-6.oe2203.x86_64.rpm
GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet.
2022-10-21
CVE-2019-1010180
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
High
7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
crash security update
2022-10-21
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2002