Description
ELSA-2023-12788: gcc security update (LOW)
gcc [el8] [8.5.0-18.0.5]
- CVE-2023-4039 GCC mitigation. Orabug 35751743. Includes removal of aarch64-preserve-args.patch.
- CVE-2022-40982 'Intel Downfall' mitigation. Orabug 35751810. Add two patches originally from GCC upstream releases/gcc-11 branch, with major adjustment. gcc11-downfall-disable-gather-in-vec.patch gcc11-downfall-support-mno-gather.patch Reviewed-by: Jose E. Marchesi jose.marchesi@oracle.com
gcc [el9] [11.3.1-4.3.0.4]
- CVE-2023-4039 GCC mitigation. Orabug 35751837.
- CVE-2022-40982 'Intel Downfall' mitigation. Orabug 35751842. Add two patches originally from GCC upstream releases/gcc-11 branch. gcc11-downfall-disable-gather-in-vec.patch gcc11-downfall-support-mno-gather.patch Reviewed-by: Jose E. Marchesi jose.marchesi@oracle.com
gcc-toolset-11-gcc [el8] [11.2.1-9.1.0.6]
- CVE-2023-4039 GCC mitigation. Orabug 35751885.
- CVE-2022-40982 'Intel Downfall' mitigation. Orabug 35751901. Add two patches originally from GCC upstream releases/gcc-11 branch. gcc11-downfall-disable-gather-in-vec.patch gcc11-downfall-support-mno-gather.patch Reviewed-by: Jose E. Marchesi jose.marchesi@oracle.com
gcc-toolset-12-gcc [el8/el9] [12.2.1-7.4.0.2]
- CVE-2023-4039 GCC mitigation. Orabug 35751931.
- CVE-2022-40982 'Intel Downfall' mitigation. Orabug 35751938. Add two patches originally from GCC upstream releases/gcc-11 branch. gcc12-downfall-disable-gather-in-vec.patch gcc12-downfall-support-mno-gather.patch
- Introduce 'oracle_release' into .spec file. Echo it to gcc/DEV-PHASE.
Updated packages
Oracle Linux 9
Oracle Linux aarch64
cpp 11.3.1-4.3.0.4.el9
gcc 11.3.1-4.3.0.4.el9
gcc-c++ 11.3.1-4.3.0.4.el9
gcc-gfortran 11.3.1-4.3.0.4.el9
gcc-plugin-annobin 11.3.1-4.3.0.4.el9
gcc-plugin-devel 11.3.1-4.3.0.4.el9
gcc-toolset-12-gcc 12.2.1-7.4.0.2.el9
gcc-toolset-12-gcc-c++ 12.2.1-7.4.0.2.el9
gcc-toolset-12-gcc-gfortran 12.2.1-7.4.0.2.el9
gcc-toolset-12-gcc-plugin-annobin 12.2.1-7.4.0.2.el9
gcc-toolset-12-gcc-plugin-devel 12.2.1-7.4.0.2.el9
gcc-toolset-12-libasan-devel 12.2.1-7.4.0.2.el9
gcc-toolset-12-libatomic-devel 12.2.1-7.4.0.2.el9
gcc-toolset-12-libgccjit 12.2.1-7.4.0.2.el9
gcc-toolset-12-libgccjit-devel 12.2.1-7.4.0.2.el9
gcc-toolset-12-libgccjit-docs 12.2.1-7.4.0.2.el9
gcc-toolset-12-libitm-devel 12.2.1-7.4.0.2.el9
gcc-toolset-12-liblsan-devel 12.2.1-7.4.0.2.el9
gcc-toolset-12-libstdc++-devel 12.2.1-7.4.0.2.el9
gcc-toolset-12-libstdc++-docs 12.2.1-7.4.0.2.el9
gcc-toolset-12-libtsan-devel 12.2.1-7.4.0.2.el9
gcc-toolset-12-libubsan-devel 12.2.1-7.4.0.2.el9
libasan 11.3.1-4.3.0.4.el9
libasan8 12.2.1-7.4.0.2.el9
libatomic 11.3.1-4.3.0.4.el9
libgcc 11.3.1-4.3.0.4.el9
libgccjit 11.3.1-4.3.0.4.el9
libgccjit-devel 11.3.1-4.3.0.4.el9
libgfortran 11.3.1-4.3.0.4.el9
libgomp 11.3.1-4.3.0.4.el9
libitm 11.3.1-4.3.0.4.el9
libitm-devel 11.3.1-4.3.0.4.el9
liblsan 11.3.1-4.3.0.4.el9
libstdc++ 11.3.1-4.3.0.4.el9
libstdc++-devel 11.3.1-4.3.0.4.el9
libstdc++-docs 11.3.1-4.3.0.4.el9
libstdc++-static 11.3.1-4.3.0.4.el9
libtsan 11.3.1-4.3.0.4.el9
libtsan2 12.2.1-7.4.0.2.el9
libubsan 11.3.1-4.3.0.4.el9
Oracle Linux x86_64
cpp 11.3.1-4.3.0.4.el9
gcc 11.3.1-4.3.0.4.el9
gcc-c++ 11.3.1-4.3.0.4.el9
gcc-gfortran 11.3.1-4.3.0.4.el9
gcc-offload-nvptx 11.3.1-4.3.0.4.el9
gcc-plugin-annobin 11.3.1-4.3.0.4.el9
gcc-plugin-devel 11.3.1-4.3.0.4.el9
gcc-toolset-12-gcc 12.2.1-7.4.0.2.el9
gcc-toolset-12-gcc-c++ 12.2.1-7.4.0.2.el9
gcc-toolset-12-gcc-gfortran 12.2.1-7.4.0.2.el9
gcc-toolset-12-gcc-plugin-annobin 12.2.1-7.4.0.2.el9
gcc-toolset-12-gcc-plugin-devel 12.2.1-7.4.0.2.el9
gcc-toolset-12-libasan-devel 12.2.1-7.4.0.2.el9
gcc-toolset-12-libatomic-devel 12.2.1-7.4.0.2.el9
gcc-toolset-12-libgccjit 12.2.1-7.4.0.2.el9
gcc-toolset-12-libgccjit-devel 12.2.1-7.4.0.2.el9
gcc-toolset-12-libgccjit-docs 12.2.1-7.4.0.2.el9
gcc-toolset-12-libitm-devel 12.2.1-7.4.0.2.el9
gcc-toolset-12-liblsan-devel 12.2.1-7.4.0.2.el9
gcc-toolset-12-libquadmath-devel 12.2.1-7.4.0.2.el9
gcc-toolset-12-libstdc++-devel 12.2.1-7.4.0.2.el9
gcc-toolset-12-libstdc++-docs 12.2.1-7.4.0.2.el9
gcc-toolset-12-libtsan-devel 12.2.1-7.4.0.2.el9
gcc-toolset-12-libubsan-devel 12.2.1-7.4.0.2.el9
gcc-toolset-12-offload-nvptx 12.2.1-7.4.0.2.el9
libasan 11.3.1-4.3.0.4.el9
libasan8 12.2.1-7.4.0.2.el9
libatomic 11.3.1-4.3.0.4.el9
libgcc 11.3.1-4.3.0.4.el9
libgccjit 11.3.1-4.3.0.4.el9
libgccjit-devel 11.3.1-4.3.0.4.el9
libgfortran 11.3.1-4.3.0.4.el9
libgomp 11.3.1-4.3.0.4.el9
libgomp-offload-nvptx 11.3.1-4.3.0.4.el9
libitm 11.3.1-4.3.0.4.el9
libitm-devel 11.3.1-4.3.0.4.el9
liblsan 11.3.1-4.3.0.4.el9
libquadmath 11.3.1-4.3.0.4.el9
libquadmath-devel 11.3.1-4.3.0.4.el9
libstdc++ 11.3.1-4.3.0.4.el9
libstdc++-devel 11.3.1-4.3.0.4.el9
libstdc++-docs 11.3.1-4.3.0.4.el9
libstdc++-static 11.3.1-4.3.0.4.el9
libtsan 11.3.1-4.3.0.4.el9
libtsan2 12.2.1-7.4.0.2.el9
libubsan 11.3.1-4.3.0.4.el9
Oracle Linux 8
Oracle Linux aarch64
cpp 8.5.0-18.0.5.el8
gcc 8.5.0-18.0.5.el8
gcc-c++ 8.5.0-18.0.5.el8
gcc-gdb-plugin 8.5.0-18.0.5.el8
gcc-gfortran 8.5.0-18.0.5.el8
gcc-plugin-annobin 8.5.0-18.0.5.el8
gcc-plugin-devel 8.5.0-18.0.5.el8
gcc-toolset-11-gcc 11.2.1-9.1.0.6.el8
gcc-toolset-11-gcc-c++ 11.2.1-9.1.0.6.el8
gcc-toolset-11-gcc-gdb-plugin 11.2.1-9.1.0.6.el8
gcc-toolset-11-gcc-gfortran 11.2.1-9.1.0.6.el8
gcc-toolset-11-gcc-plugin-devel 11.2.1-9.1.0.6.el8
gcc-toolset-11-libasan-devel 11.2.1-9.1.0.6.el8
gcc-toolset-11-libatomic-devel 11.2.1-9.1.0.6.el8
gcc-toolset-11-libgccjit 11.2.1-9.1.0.6.el8
gcc-toolset-11-libgccjit-devel 11.2.1-9.1.0.6.el8
gcc-toolset-11-libgccjit-docs 11.2.1-9.1.0.6.el8
gcc-toolset-11-libitm-devel 11.2.1-9.1.0.6.el8
gcc-toolset-11-liblsan-devel 11.2.1-9.1.0.6.el8
gcc-toolset-11-libstdc++-devel 11.2.1-9.1.0.6.el8
gcc-toolset-11-libstdc++-docs 11.2.1-9.1.0.6.el8
gcc-toolset-11-libtsan-devel 11.2.1-9.1.0.6.el8
gcc-toolset-11-libubsan-devel 11.2.1-9.1.0.6.el8
gcc-toolset-12-gcc 12.2.1-7.4.0.2.el8
gcc-toolset-12-gcc-c++ 12.2.1-7.4.0.2.el8
gcc-toolset-12-gcc-gfortran 12.2.1-7.4.0.2.el8
gcc-toolset-12-gcc-plugin-annobin 12.2.1-7.4.0.2.el8
gcc-toolset-12-gcc-plugin-devel 12.2.1-7.4.0.2.el8
gcc-toolset-12-libasan-devel 12.2.1-7.4.0.2.el8
gcc-toolset-12-libatomic-devel 12.2.1-7.4.0.2.el8
gcc-toolset-12-libgccjit 12.2.1-7.4.0.2.el8
gcc-toolset-12-libgccjit-devel 12.2.1-7.4.0.2.el8
gcc-toolset-12-libgccjit-docs 12.2.1-7.4.0.2.el8
gcc-toolset-12-libitm-devel 12.2.1-7.4.0.2.el8
gcc-toolset-12-liblsan-devel 12.2.1-7.4.0.2.el8
gcc-toolset-12-libstdc++-devel 12.2.1-7.4.0.2.el8
gcc-toolset-12-libstdc++-docs 12.2.1-7.4.0.2.el8
gcc-toolset-12-libtsan-devel 12.2.1-7.4.0.2.el8
gcc-toolset-12-libubsan-devel 12.2.1-7.4.0.2.el8
libasan 8.5.0-18.0.5.el8
libasan6 11.2.1-9.1.0.6.el8
libasan8 12.2.1-7.4.0.2.el8
libatomic 8.5.0-18.0.5.el8
libatomic-static 8.5.0-18.0.5.el8
libgcc 8.5.0-18.0.5.el8
libgfortran 8.5.0-18.0.5.el8
libgomp 8.5.0-18.0.5.el8
libitm 8.5.0-18.0.5.el8
libitm-devel 8.5.0-18.0.5.el8
liblsan 8.5.0-18.0.5.el8
libstdc++ 8.5.0-18.0.5.el8
libstdc++-devel 8.5.0-18.0.5.el8
libstdc++-docs 8.5.0-18.0.5.el8
libstdc++-static 8.5.0-18.0.5.el8
libtsan 8.5.0-18.0.5.el8
libtsan2 12.2.1-7.4.0.2.el8
libubsan 8.5.0-18.0.5.el8
Oracle Linux x86_64
cpp 8.5.0-18.0.5.el8
gcc 8.5.0-18.0.5.el8
gcc-c++ 8.5.0-18.0.5.el8
gcc-gdb-plugin 8.5.0-18.0.5.el8
gcc-gfortran 8.5.0-18.0.5.el8
gcc-offload-nvptx 8.5.0-18.0.5.el8
gcc-plugin-annobin 8.5.0-18.0.5.el8
gcc-plugin-devel 8.5.0-18.0.5.el8
gcc-toolset-11-gcc 11.2.1-9.1.0.6.el8
gcc-toolset-11-gcc-c++ 11.2.1-9.1.0.6.el8
gcc-toolset-11-gcc-gdb-plugin 11.2.1-9.1.0.6.el8
gcc-toolset-11-gcc-gfortran 11.2.1-9.1.0.6.el8
gcc-toolset-11-gcc-plugin-devel 11.2.1-9.1.0.6.el8
gcc-toolset-11-libasan-devel 11.2.1-9.1.0.6.el8
gcc-toolset-11-libatomic-devel 11.2.1-9.1.0.6.el8
gcc-toolset-11-libgccjit 11.2.1-9.1.0.6.el8
gcc-toolset-11-libgccjit-devel 11.2.1-9.1.0.6.el8
gcc-toolset-11-libgccjit-docs 11.2.1-9.1.0.6.el8
gcc-toolset-11-libitm-devel 11.2.1-9.1.0.6.el8
gcc-toolset-11-liblsan-devel 11.2.1-9.1.0.6.el8
gcc-toolset-11-libquadmath-devel 11.2.1-9.1.0.6.el8
gcc-toolset-11-libstdc++-devel 11.2.1-9.1.0.6.el8
gcc-toolset-11-libstdc++-docs 11.2.1-9.1.0.6.el8
gcc-toolset-11-libtsan-devel 11.2.1-9.1.0.6.el8
gcc-toolset-11-libubsan-devel 11.2.1-9.1.0.6.el8
gcc-toolset-12-gcc 12.2.1-7.4.0.2.el8
gcc-toolset-12-gcc-c++ 12.2.1-7.4.0.2.el8
gcc-toolset-12-gcc-gfortran 12.2.1-7.4.0.2.el8
gcc-toolset-12-gcc-plugin-annobin 12.2.1-7.4.0.2.el8
gcc-toolset-12-gcc-plugin-devel 12.2.1-7.4.0.2.el8
gcc-toolset-12-libasan-devel 12.2.1-7.4.0.2.el8
gcc-toolset-12-libatomic-devel 12.2.1-7.4.0.2.el8
gcc-toolset-12-libgccjit 12.2.1-7.4.0.2.el8
gcc-toolset-12-libgccjit-devel 12.2.1-7.4.0.2.el8
gcc-toolset-12-libgccjit-docs 12.2.1-7.4.0.2.el8
gcc-toolset-12-libitm-devel 12.2.1-7.4.0.2.el8
gcc-toolset-12-liblsan-devel 12.2.1-7.4.0.2.el8
gcc-toolset-12-libquadmath-devel 12.2.1-7.4.0.2.el8
gcc-toolset-12-libstdc++-devel 12.2.1-7.4.0.2.el8
gcc-toolset-12-libstdc++-docs 12.2.1-7.4.0.2.el8
gcc-toolset-12-libtsan-devel 12.2.1-7.4.0.2.el8
gcc-toolset-12-libubsan-devel 12.2.1-7.4.0.2.el8
gcc-toolset-12-offload-nvptx 12.2.1-7.4.0.2.el8
libasan 8.5.0-18.0.5.el8
libasan6 11.2.1-9.1.0.6.el8
libasan8 12.2.1-7.4.0.2.el8
libatomic 8.5.0-18.0.5.el8
libatomic-static 8.5.0-18.0.5.el8
libgcc 8.5.0-18.0.5.el8
libgfortran 8.5.0-18.0.5.el8
libgomp 8.5.0-18.0.5.el8
libgomp-offload-nvptx 8.5.0-18.0.5.el8
libitm 8.5.0-18.0.5.el8
libitm-devel 8.5.0-18.0.5.el8
liblsan 8.5.0-18.0.5.el8
libquadmath 8.5.0-18.0.5.el8
libquadmath-devel 8.5.0-18.0.5.el8
libstdc++ 8.5.0-18.0.5.el8
libstdc++-devel 8.5.0-18.0.5.el8
libstdc++-docs 8.5.0-18.0.5.el8
libstdc++-static 8.5.0-18.0.5.el8
libtsan 8.5.0-18.0.5.el8
libtsan2 12.2.1-7.4.0.2.el8
libubsan 8.5.0-18.0.5.el8
Related CVEs
Related vulnerabilities
**DISPUTED** A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.