Описание
Security update for gcc48
This update for GCC 4.8 provides the following fixes:
- Fix C++11 std::random_device short read issue that could lead to predictable randomness. (CVE-2015-5276, bsc#945842)
- Fix linker segmentation fault when building SLOF on ppc64le. (bsc#949000)
- Fix no_instrument_function attribute handling on PPC64 with -mprofile-kernel. (bsc#947791)
- Fix internal compiler error with aarch64 target using PCH and builtin functions. (bsc#947772)
- Fix libffi issues on aarch64. (bsc#948168)
Список пакетов
SUSE Linux Enterprise Desktop 12
cpp48-4.8.5-24.1
gcc48-4.8.5-24.1
gcc48-32bit-4.8.5-24.1
gcc48-c++-4.8.5-24.1
gcc48-gij-4.8.5-24.1
gcc48-gij-32bit-4.8.5-24.1
gcc48-info-4.8.5-24.1
libasan0-4.8.5-24.1
libasan0-32bit-4.8.5-24.1
libgcj48-4.8.5-24.1
libgcj48-32bit-4.8.5-24.1
libgcj48-jar-4.8.5-24.1
libgcj_bc1-4.8.5-24.1
libstdc++48-devel-4.8.5-24.1
libstdc++48-devel-32bit-4.8.5-24.1
SUSE Linux Enterprise Server 12
cpp48-4.8.5-24.1
gcc48-4.8.5-24.1
gcc48-32bit-4.8.5-24.1
gcc48-c++-4.8.5-24.1
gcc48-info-4.8.5-24.1
gcc48-locale-4.8.5-24.1
libasan0-4.8.5-24.1
libasan0-32bit-4.8.5-24.1
libstdc++48-devel-4.8.5-24.1
libstdc++48-devel-32bit-4.8.5-24.1
SUSE Linux Enterprise Server for SAP Applications 12
cpp48-4.8.5-24.1
gcc48-4.8.5-24.1
gcc48-32bit-4.8.5-24.1
gcc48-c++-4.8.5-24.1
gcc48-info-4.8.5-24.1
gcc48-locale-4.8.5-24.1
libasan0-4.8.5-24.1
libasan0-32bit-4.8.5-24.1
libstdc++48-devel-4.8.5-24.1
libstdc++48-devel-32bit-4.8.5-24.1
SUSE Linux Enterprise Software Development Kit 12
gcc48-ada-4.8.5-24.1
gcc48-fortran-4.8.5-24.1
gcc48-gij-4.8.5-24.1
gcc48-java-4.8.5-24.1
gcc48-obj-c++-4.8.5-24.1
gcc48-objc-4.8.5-24.1
gcc48-objc-32bit-4.8.5-24.1
libada48-4.8.5-24.1
libffi48-devel-4.8.5-24.1
libgcj48-4.8.5-24.1
libgcj48-devel-4.8.5-24.1
libgcj48-jar-4.8.5-24.1
libgcj_bc1-4.8.5-24.1
libobjc4-4.8.5-24.1
libobjc4-32bit-4.8.5-24.1
SUSE Linux Enterprise Workstation Extension 12
gcc48-gij-4.8.5-24.1
gcc48-gij-32bit-4.8.5-24.1
libgcj48-4.8.5-24.1
libgcj48-32bit-4.8.5-24.1
libgcj48-jar-4.8.5-24.1
libgcj_bc1-4.8.5-24.1
Ссылки
- Link for SUSE-SU-2015:1833-1
- E-Mail link for SUSE-SU-2015:1833-1
- SUSE Security Ratings
- SUSE Bug 945842
- SUSE Bug 947772
- SUSE Bug 947791
- SUSE Bug 948168
- SUSE Bug 949000
- SUSE CVE CVE-2015-5276 page
Описание
The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.
Затронутые продукты
SUSE Linux Enterprise Desktop 12:cpp48-4.8.5-24.1
SUSE Linux Enterprise Desktop 12:gcc48-32bit-4.8.5-24.1
SUSE Linux Enterprise Desktop 12:gcc48-4.8.5-24.1
SUSE Linux Enterprise Desktop 12:gcc48-c++-4.8.5-24.1
Ссылки
- CVE-2015-5276
- SUSE Bug 945842