Jan Kratochvil

**Name of the Vulnerable Software and Affected Versions** GNU Project Debugger (GDB) versions prior to 7.5 **Description** The issue allows local users to gain privileges via crafted files, such as Python scripts, when .debug gdb scripts is defined. This occurs because GDB automatically loads certain files from the current working directory. **Recommendations** For versions prior to 7.5, update to version 7.5 or later to resolve the issue. As a temporary workaround, consider disabling the automatic loading of files from the current working directory when .debug gdb scripts is defined, until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.27-rc6 linux-image-2.6.24-etchnhalf.1-sb1-bcm91250a linux-image-2.6.24-etchnhalf.1-s390-tape linux-headers-2.6.24-etchnhalf.1-all-ia64 linux-image-2.6.24-etchnhalf.1-parisc-smp linux-headers-2.6.24-etchnhalf.1-itanium linux-image-2.6.24-etchnhalf.1-r5k-cobalt linux-headers-2.6.24-etchnhalf.1-parisc64 linux-headers-2.6.24-etchnhalf.1-amd64 linux-image-2.6.24-etchnhalf.1-iop32x linux-manual-2.6.24 linux-headers-2.6.24-etchnhalf.1-all-amd64 linux-image-2.6.24-etchnhalf.1-sparc64-smp linux-image-2.6.24-etchnhalf.1-alpha-smp linux-image-2.6.24-etchnhalf.1-sparc64 linux-image-2.6.24-etchnhalf.1-amd64 linux-image-2.6.24-etchnhalf.1-686 linux-image-2.6.24-etchnhalf.1-powerpc linux-doc-2.6.24 linux-support-2.6.24-etchnhalf.1 linux-source-2.6.24 linux-headers-2.6.24-etchnhalf.1-powerpc-miboot linux-image-2.6.24-etchnhalf.1-alpha-legacy linux-image-2.6.24-etchnhalf.1-powerpc64 linux-image-2.6.24-etchnhalf.1-powerpc-smp linux-image-2.6.24-etchnhalf.1-alpha-generic linux-headers-2.6.24-etchnhalf.1-all-arm linux-image-2.6.24-etchnhalf.1-parisc64-smp linux-headers-2.6.24-etchnhalf.1-footbridge linux-headers-2.6.24-etchnhalf.1-all-i386 linux-headers-2.6.24-etchnhalf.1-all-sparc linux-image-2.6.24-etchnhalf.1-footbridge linux-image-2.6.24-etchnhalf.1-powerpc-miboot linux-headers-2.6.24-etchnhalf.1-alpha-legacy linux-image-2.6.24-etchnhalf.1-686-bigmem linux-image-2.6.24-etchnhalf.1-parisc64 linux-image-2.6.24-etchnhalf.1-s390 linux-headers-2.6.24-etchnhalf.1-powerpc64 linux-headers-2.6.24-etchnhalf.1-parisc-smp linux-image-2.6.24-etchnhalf.1-mckinley linux-headers-2.6.24-etchnhalf.1-sparc64-smp linux-image-2.6.24-etchnhalf.1-486 linux-headers-2.6.24-etchnhalf.1-sb1-bcm91250a linux-patch-debian-2.6.24 linux-tree-2.6.24 linux-headers-2.6.24-etchnhalf.1-sparc64 linux-headers-2.6.24-etchnhalf.1-r5k-cobalt linux-headers-2.6.24-etchnhalf.1-powerpc-smp linux-image-2.6.24-etchnhalf.1-parisc linux-headers-2.6.24-etchnhalf.1-all-alpha linux-headers-2.6.24-etchnhalf.1-sb1a-bcm91480b linux-headers-2.6.24-etchnhalf.1-486 linux-headers-2.6.24-etchnhalf.1-all-hppa linux-headers-2.6.24-etchnhalf.1-686 linux-headers-2.6.24-etchnhalf.1-all-powerpc linux-image-2.6.24-etchnhalf.1-sb1a-bcm91480b linux-headers-2.6.24-etchnhalf.1-powerpc linux-image-2.6.24-etchnhalf.1-ixp4xx linux-headers-2.6.24-etchnhalf.1-iop32x linux-image-2.6.24-etchnhalf.1-4kc-malta linux-headers-2.6.24-etchnhalf.1-686-bigmem linux-headers-2.6.24-etchnhalf.1-common linux-image-2.6.24-etchnhalf.1-s390x linux-headers-2.6.24-etchnhalf.1-all-mipsel linux-headers-2.6.24-etchnhalf.1-alpha-smp linux-headers-2.6.24-etchnhalf.1-all-s390 linux-headers-2.6.24-etchnhalf.1-5kc-malta linux-headers-2.6.24-etchnhalf.1-s390 linux-headers-2.6.24-etchnhalf.1-ixp4xx linux-image-2.6.24-etchnhalf.1-itanium linux-headers-2.6.24-etchnhalf.1-alpha-generic linux-headers-2.6.24-etchnhalf.1-mckinley linux-headers-2.6.24-etchnhalf.1-all linux-headers-2.6.24-etchnhalf.1-parisc linux-image-2.6.24-etchnhalf.1-5kc-malta linux-headers-2.6.24-etchnhalf.1-parisc64-smp linux-headers-2.6.24-etchnhalf.1-s390x linux-headers-2.6.24-etchnhalf.1-4kc-malta **Description** The issue affects the Linux kernel and various Debian GNU/Linux packages, potentially leading to a breach of confidentiality, integrity, and availability of protected information. The vulnerability in the Linux kernel, specifically in the arch/s390/kernel/ptrace.c file, allows local users to cause a denial of service (kernel panic) via the user-area-padding test from the ptrace testsuite in 31-bit mode, which triggers an invalid dereference. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.