An update for gdb is now available for openEuler-24.03-LTS Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-2628 Final 1.0 1.0 2025-11-07 Initial 2025-11-07 2025-11-07 openEuler SA Tool V1.0 2025-11-07 gdb security update An update for gdb is now available for openEuler-24.03-LTS GDB, the GNU Project debugger, allows you to see what is going on inside another program while it executes -- or what another program was doing at the moment it crashed. Security Fix(es): A critical vulnerability (CWE-122) has been found in GNU Binutils 2.45. This is a heap overflow condition where the buffer overflow occurs in the heap memory region, generally meaning the buffer was allocated using routines like malloc(). This vulnerability impacts confidentiality, integrity, and availability. The exploit is available for download at sourceware.org and is declared as proof-of-concept. The code maintainer replied with [f]ixed for 2.46 . Applying patch 9ca499644a21ceb3f946d1c179c38a83be084490 can eliminate this problem. The bugfix is ready for download at sourceware.org.(CVE-2025-11083) A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 047435dd988a3975d40c6626a8f739a0b2e154bc. To fix this issue, it is recommended to deploy a patch.(CVE-2025-11412) A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. This patch is called 16357. It is best practice to apply a patch to resolve this issue.(CVE-2025-11840) An update for gdb is now available for openEuler-24.03-LTS. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High gdb https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2628 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-11083 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-11412 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-11840 https://nvd.nist.gov/vuln/detail/CVE-2025-11083 https://nvd.nist.gov/vuln/detail/CVE-2025-11412 https://nvd.nist.gov/vuln/detail/CVE-2025-11840 openEuler-24.03-LTS gdb-help-14.1-11.oe2403.noarch.rpm gdb-14.1-11.oe2403.aarch64.rpm gdb-debuginfo-14.1-11.oe2403.aarch64.rpm gdb-debugsource-14.1-11.oe2403.aarch64.rpm gdb-gdbserver-14.1-11.oe2403.aarch64.rpm gdb-headless-14.1-11.oe2403.aarch64.rpm gdb-14.1-11.oe2403.src.rpm gdb-14.1-11.oe2403.x86_64.rpm gdb-debuginfo-14.1-11.oe2403.x86_64.rpm gdb-debugsource-14.1-11.oe2403.x86_64.rpm gdb-gdbserver-14.1-11.oe2403.x86_64.rpm gdb-headless-14.1-11.oe2403.x86_64.rpm A critical vulnerability (CWE-122) has been found in GNU Binutils 2.45. This is a heap overflow condition where the buffer overflow occurs in the heap memory region, generally meaning the buffer was allocated using routines like malloc(). This vulnerability impacts confidentiality, integrity, and availability. The exploit is available for download at sourceware.org and is declared as proof-of-concept. The code maintainer replied with [f]ixed for 2.46 . Applying patch 9ca499644a21ceb3f946d1c179c38a83be084490 can eliminate this problem. The bugfix is ready for download at sourceware.org. 2025-11-07 CVE-2025-11083 openEuler-24.03-LTS High 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H gdb security update 2025-11-07 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2628 A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 047435dd988a3975d40c6626a8f739a0b2e154bc. To fix this issue, it is recommended to deploy a patch. 2025-11-07 CVE-2025-11412 openEuler-24.03-LTS Medium 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H gdb security update 2025-11-07 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2628 A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. This patch is called 16357. It is best practice to apply a patch to resolve this issue. 2025-11-07 CVE-2025-11840 openEuler-24.03-LTS Medium 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H gdb security update 2025-11-07 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2628