ELSA-2025-1338

Published: 13 Feb 2025
Source: oracle-oval
Platform: Oracle Linux 8

Description

ELSA-2025-1338: gcc-toolset-14-gcc security update (MODERATE)

[14.2.1-7.1]

  • disable jQuery use, don't ship jquery.js (CVE-2020-11023, RHEL-78284)

[14.2.1-7]

  • update from releases/gcc-14 branch (RHEL-74062)
    • PRs ada/113036, ada/113868, ada/115917, ada/117328, ada/117996, analyzer/115724, c/117641, c/117745, c/117802, c++/100358, c++/101463, c++/102594, c++/109859, c++/113108, c++/114854, c++/115008, c++/115430, c++/115657, c++/116108, c++/116634, c++/117158, c++/117317, c++/117614, c++/117615, c++/117792, c++/117825, c++/117845, c++/117880, c++/117925, c++/117985, c++/118060, c++/118069, driver/117942, fortran/84674, fortran/84869, fortran/105054, fortran/109105, fortran/109345, fortran/115070, fortran/115348, fortran/116388, fortran/117730, fortran/117763, fortran/117774, fortran/117791, fortran/117797, fortran/117819, fortran/117820, fortran/117843, fortran/117897, libgomp/117851, libstdc++/89624, libstdc++/106212, libstdc++/106676, libstdc++/108236, libstdc++/109517, libstdc++/109976, libstdc++/112349, libstdc++/112641, libstdc++/117520, libstdc++/117560, libstdc++/117822, libstdc++/117962, libstdc++/117966, libstdc++/118035, libstdc++/118093, middle-end/43374, middle-end/102674, middle-end/116997, middle-end/117433, middle-end/117458, middle-end/117459, middle-end/117847, middle-end/118024, modula2/114529, modula2/115003, modula2/115057, modula2/115164, modula2/115276, modula2/115328, modula2/115536, modula2/115540, modula2/115804, modula2/115823, modula2/115957, modula2/116048, modula2/116181, modula2/116378, modula2/116557, modula2/116918, modula2/117120, modula2/117371, modula2/117555, modula2/117660, modula2/117904, modula2/117948, other/116603, preprocessor/117118, rtl-optimization/113994, rtl-optimization/116799, rtl-optimization/117095, sanitizer/117960, target/64242, target/114801, target/114942, target/116371, target/116629, target/116999, target/117045, target/117105, target/117304, target/117357, target/117408, target/117418, target/117443, target/117500, target/117525, target/117562, target/117564, target/117642, target/117659, target/117675, target/117744, target/117926, testsuite/103298, testsuite/109360, tree-optimization/94589, 
      tree-optimization/112376, tree-optimization/116463, tree-optimization/117142, tree-optimization/117254, tree-optimization/117307, tree-optimization/117333, tree-optimization/117398, tree-optimization/117417, tree-optimization/117439, tree-optimization/117574, tree-optimization/117594, tree-optimization/117612, tree-optimization/117912
  • fix up -freport-bug default (#2330362, RHEL-73476)
  • revert -mearly-ldp-fusion and -mlate-ldp-fusion default to enabled on aarch64 to match upstream (RHEL-74058)
  • consider TARGET_EXPR invariant like SAVE_EXPR (PR c++/118509)
  • have gfortran require install-info (RHEL-76087)

[14.2.1-1.2]

  • bump NVR (RHEL-53492)

Updated packages

Oracle Linux 8

Oracle Linux aarch64

  • gcc-toolset-14-gcc 14.2.1-7.1.el8_10
  • gcc-toolset-14-gcc-c++ 14.2.1-7.1.el8_10
  • gcc-toolset-14-gcc-gfortran 14.2.1-7.1.el8_10
  • gcc-toolset-14-gcc-plugin-annobin 14.2.1-7.1.el8_10
  • gcc-toolset-14-gcc-plugin-devel 14.2.1-7.1.el8_10
  • gcc-toolset-14-libasan-devel 14.2.1-7.1.el8_10
  • gcc-toolset-14-libatomic-devel 14.2.1-7.1.el8_10
  • gcc-toolset-14-libgccjit 14.2.1-7.1.el8_10
  • gcc-toolset-14-libgccjit-devel 14.2.1-7.1.el8_10
  • gcc-toolset-14-libitm-devel 14.2.1-7.1.el8_10
  • gcc-toolset-14-liblsan-devel 14.2.1-7.1.el8_10
  • gcc-toolset-14-libstdc++-devel 14.2.1-7.1.el8_10
  • gcc-toolset-14-libstdc++-docs 14.2.1-7.1.el8_10
  • gcc-toolset-14-libtsan-devel 14.2.1-7.1.el8_10
  • gcc-toolset-14-libubsan-devel 14.2.1-7.1.el8_10
  • libasan8 14.2.1-7.1.el8_10
  • libtsan2 14.2.1-7.1.el8_10

Oracle Linux x86_64

  • gcc-toolset-14-gcc 14.2.1-7.1.el8_10
  • gcc-toolset-14-gcc-c++ 14.2.1-7.1.el8_10
  • gcc-toolset-14-gcc-gfortran 14.2.1-7.1.el8_10
  • gcc-toolset-14-gcc-plugin-annobin 14.2.1-7.1.el8_10
  • gcc-toolset-14-gcc-plugin-devel 14.2.1-7.1.el8_10
  • gcc-toolset-14-libasan-devel 14.2.1-7.1.el8_10
  • gcc-toolset-14-libatomic-devel 14.2.1-7.1.el8_10
  • gcc-toolset-14-libgccjit 14.2.1-7.1.el8_10
  • gcc-toolset-14-libgccjit-devel 14.2.1-7.1.el8_10
  • gcc-toolset-14-libitm-devel 14.2.1-7.1.el8_10
  • gcc-toolset-14-liblsan-devel 14.2.1-7.1.el8_10
  • gcc-toolset-14-libquadmath-devel 14.2.1-7.1.el8_10
  • gcc-toolset-14-libstdc++-devel 14.2.1-7.1.el8_10
  • gcc-toolset-14-libstdc++-docs 14.2.1-7.1.el8_10
  • gcc-toolset-14-libtsan-devel 14.2.1-7.1.el8_10
  • gcc-toolset-14-libubsan-devel 14.2.1-7.1.el8_10
  • gcc-toolset-14-offload-nvptx 14.2.1-7.1.el8_10
  • libasan8 14.2.1-7.1.el8_10
  • libtsan2 14.2.1-7.1.el8_10

Related CVEs

Related vulnerabilities

CVSS3: 6.9
ubuntu
about 5 years ago

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

CVSS3: 6.1
redhat
about 5 years ago

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

CVSS3: 6.9
nvd
about 5 years ago

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

CVSS3: 6.9
debian
about 5 years ago

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, pa ...

rocky
4 months ago

Moderate: gcc-toolset-14-gcc security update