An update for crash is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2022-2002 Final 1.0 1.0 2022-10-21 Initial 2022-10-21 2022-10-21 openEuler SA Tool V1.0 2022-10-21 crash security update An update for crash is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS. The core analysis suite is a self-contained tool that can be used to investigate either live systems, kernel core dumps created from dump creation facilities such as kdump, kvmdump, xendump, the netdump and diskdump packages offered by Red Hat, the LKCD kernel patch, the mcore kernel patch created by Mission Critical Linux, as well as other formats created by manufacturer-specific firmware. Security Fix(es): GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet.(CVE-2019-1010180) An update for crash is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High crash https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2002 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2019-1010180 https://nvd.nist.gov/vuln/detail/CVE-2019-1010180 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS crash-7.2.8-4.oe1.aarch64.rpm crash-devel-7.2.8-4.oe1.aarch64.rpm crash-debuginfo-7.2.8-4.oe1.aarch64.rpm crash-debugsource-7.2.8-4.oe1.aarch64.rpm crash-debuginfo-7.2.8-4.oe1.aarch64.rpm crash-devel-7.2.8-4.oe1.aarch64.rpm crash-7.2.8-4.oe1.aarch64.rpm crash-debugsource-7.2.8-4.oe1.aarch64.rpm crash-devel-7.3.0-6.oe2203.aarch64.rpm crash-debugsource-7.3.0-6.oe2203.aarch64.rpm crash-debuginfo-7.3.0-6.oe2203.aarch64.rpm crash-7.3.0-6.oe2203.aarch64.rpm crash-help-7.2.8-4.oe1.noarch.rpm crash-help-7.2.8-4.oe1.noarch.rpm crash-help-7.3.0-6.oe2203.noarch.rpm crash-7.2.8-4.oe1.src.rpm crash-7.2.8-4.oe1.src.rpm crash-7.3.0-6.oe2203.src.rpm crash-debugsource-7.2.8-4.oe1.x86_64.rpm crash-devel-7.2.8-4.oe1.x86_64.rpm crash-7.2.8-4.oe1.x86_64.rpm crash-debuginfo-7.2.8-4.oe1.x86_64.rpm crash-7.2.8-4.oe1.x86_64.rpm crash-devel-7.2.8-4.oe1.x86_64.rpm crash-debuginfo-7.2.8-4.oe1.x86_64.rpm crash-debugsource-7.2.8-4.oe1.x86_64.rpm crash-debuginfo-7.3.0-6.oe2203.x86_64.rpm crash-debugsource-7.3.0-6.oe2203.x86_64.rpm crash-devel-7.3.0-6.oe2203.x86_64.rpm crash-7.3.0-6.oe2203.x86_64.rpm GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet. 2022-10-21 CVE-2019-1010180 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS High 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H crash security update 2022-10-21 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2002