An update for gdb is now available for openEuler-24.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-2629 Final 1.0 1.0 2025-11-07 Initial 2025-11-07 2025-11-07 openEuler SA Tool V1.0 2025-11-07 gdb security update An update for gdb is now available for openEuler-24.03-LTS-SP1 GDB, the GNU Project debugger, allows you to see what is going on inside another program while it executes -- or what another program was doing at the moment it crashed. Security Fix(es): A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 047435dd988a3975d40c6626a8f739a0b2e154bc. To fix this issue, it is recommended to deploy a patch.(CVE-2025-11412) A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. This patch is called 16357. It is best practice to apply a patch to resolve this issue.(CVE-2025-11840) An update for gdb is now available for openEuler-24.03-LTS-SP1. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium gdb https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2629 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-11412 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-11840 https://nvd.nist.gov/vuln/detail/CVE-2025-11412 https://nvd.nist.gov/vuln/detail/CVE-2025-11840 openEuler-24.03-LTS-SP1 gdb-help-14.1-11.oe2403sp1.noarch.rpm gdb-14.1-11.oe2403sp1.aarch64.rpm gdb-debuginfo-14.1-11.oe2403sp1.aarch64.rpm gdb-debugsource-14.1-11.oe2403sp1.aarch64.rpm gdb-gdbserver-14.1-11.oe2403sp1.aarch64.rpm gdb-headless-14.1-11.oe2403sp1.aarch64.rpm gdb-14.1-11.oe2403sp1.src.rpm gdb-14.1-11.oe2403sp1.x86_64.rpm gdb-debuginfo-14.1-11.oe2403sp1.x86_64.rpm gdb-debugsource-14.1-11.oe2403sp1.x86_64.rpm gdb-gdbserver-14.1-11.oe2403sp1.x86_64.rpm gdb-headless-14.1-11.oe2403sp1.x86_64.rpm A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 047435dd988a3975d40c6626a8f739a0b2e154bc. To fix this issue, it is recommended to deploy a patch. 2025-11-07 CVE-2025-11412 openEuler-24.03-LTS-SP1 Medium 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H gdb security update 2025-11-07 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2629 A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. This patch is called 16357. It is best practice to apply a patch to resolve this issue. 2025-11-07 CVE-2025-11840 openEuler-24.03-LTS-SP1 Medium 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H gdb security update 2025-11-07 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2629