An updated gdb package that fixes a security issue and various bugs is now
This update has been rated as having low security impact by the CentOS
Security Response Team.
GDB, the GNU debugger, allows debugging of programs written in C, C++, and
other languages by executing them in a controlled fashion and then printing
Various buffer overflows and underflows were found in the DWARF expression
computation stack in GDB. If an attacker could trick a user into loading
an executable containing malicious debugging information into GDB, they may
be able to execute arbitrary code with the privileges of the user.
This updated package also addresses the following issues:
* Support on 64-bit hosts shared libraries debuginfo larger than 2GB.
* Fix a race occasionally leaving the detached processes stopped.
* Fix segmentation fault on the source display by ^X 1.
* Fix a crash on an opaque type dereference.
All users of gdb should upgrade to this updated package, which contains
backported patches to resolve these issues.