SUSE-SU-2016:0908-2

Опубликовано: 30 мар. 2016

Источник: suse-cvrf

Описание

Security update for gcc5

The GNU Compiler Collection was updated to version 5.3.1, which brings several fixes and enhancements.

The following security issue has been fixed:

Fix C++11 std::random_device short read issue that could lead to predictable randomness. (CVE-2015-5276, bsc#945842)

The following non-security issues have been fixed:

Enable frame pointer for TARGET_64BIT_MS_ABI when stack is misaligned. Fixes internal compiler error when building Wine. (bsc#966220)
Fix a PowerPC specific issue in gcc-go that broke compilation of newer versions of Docker. (bsc#964468)
Fix HTM built-ins on PowerPC. (bsc#955382)
Fix libgo certificate lookup. (bsc#953831)
Suppress deprecated-declarations warnings for inline definitions of deprecated virtual methods. (bsc#939460)
Revert accidental libffi ABI breakage on aarch64. (bsc#968771)
On x86_64, set default 32bit code generation to -march=x86-64 rather than -march=i586.
Add experimental File System TS library.

Список пакетов

SUSE Linux Enterprise Desktop 11 SP4

libgcc_s1-5.3.1+r233831-10.1

libgcc_s1-32bit-5.3.1+r233831-10.1

libgfortran3-5.3.1+r233831-10.1

libgfortran3-32bit-5.3.1+r233831-10.1

libgomp1-5.3.1+r233831-10.1

libgomp1-32bit-5.3.1+r233831-10.1

libquadmath0-5.3.1+r233831-10.1

libquadmath0-32bit-5.3.1+r233831-10.1

libstdc++6-5.3.1+r233831-10.1

libstdc++6-32bit-5.3.1+r233831-10.1

libstdc++6-locale-5.3.1+r233831-10.1

SUSE Linux Enterprise Server 11 SP4

libatomic1-5.3.1+r233831-10.1

libatomic1-32bit-5.3.1+r233831-10.1

libffi4-5.3.1+r233831-10.1

libffi4-32bit-5.3.1+r233831-10.1

libgcc_s1-5.3.1+r233831-10.1

libgcc_s1-32bit-5.3.1+r233831-10.1

libgfortran3-5.3.1+r233831-10.1

libgfortran3-32bit-5.3.1+r233831-10.1

libgomp1-5.3.1+r233831-10.1

libgomp1-32bit-5.3.1+r233831-10.1

libquadmath0-5.3.1+r233831-10.1

libquadmath0-32bit-5.3.1+r233831-10.1

libstdc++6-5.3.1+r233831-10.1

libstdc++6-32bit-5.3.1+r233831-10.1

libstdc++6-locale-5.3.1+r233831-10.1

SUSE Linux Enterprise Server for SAP Applications 11 SP4

libatomic1-5.3.1+r233831-10.1

libatomic1-32bit-5.3.1+r233831-10.1

libffi4-5.3.1+r233831-10.1

libffi4-32bit-5.3.1+r233831-10.1

libgcc_s1-5.3.1+r233831-10.1

libgcc_s1-32bit-5.3.1+r233831-10.1

libgfortran3-5.3.1+r233831-10.1

libgfortran3-32bit-5.3.1+r233831-10.1

libgomp1-5.3.1+r233831-10.1

libgomp1-32bit-5.3.1+r233831-10.1

libquadmath0-5.3.1+r233831-10.1

libquadmath0-32bit-5.3.1+r233831-10.1

libstdc++6-5.3.1+r233831-10.1

libstdc++6-32bit-5.3.1+r233831-10.1

libstdc++6-locale-5.3.1+r233831-10.1

SUSE Linux Enterprise Software Development Kit 11 SP4

cpp5-5.3.1+r233831-10.1

gcc5-5.3.1+r233831-10.1

gcc5-32bit-5.3.1+r233831-10.1

gcc5-c++-5.3.1+r233831-10.1

gcc5-c++-32bit-5.3.1+r233831-10.1

gcc5-fortran-5.3.1+r233831-10.1

gcc5-fortran-32bit-5.3.1+r233831-10.1

gcc5-info-5.3.1+r233831-10.1

gcc5-locale-5.3.1+r233831-10.1

libasan2-5.3.1+r233831-10.1

libasan2-32bit-5.3.1+r233831-10.1

libatomic1-5.3.1+r233831-10.1

libcilkrts5-5.3.1+r233831-10.1

libcilkrts5-32bit-5.3.1+r233831-10.1

libffi-devel-gcc5-5.3.1+r233831-10.1

libffi-devel-gcc5-32bit-5.3.1+r233831-10.1

libgfortran3-5.3.1+r233831-10.1

libitm1-5.3.1+r233831-10.1

libitm1-32bit-5.3.1+r233831-10.1

liblsan0-5.3.1+r233831-10.1

libquadmath0-5.3.1+r233831-10.1

libstdc++6-devel-gcc5-5.3.1+r233831-10.1

libstdc++6-devel-gcc5-32bit-5.3.1+r233831-10.1

libtsan0-5.3.1+r233831-10.1

libubsan0-5.3.1+r233831-10.1

libubsan0-32bit-5.3.1+r233831-10.1

Ссылки

https://www.suse.com/support/update/announcement/2016/suse-su-20160908-2/
Link for SUSE-SU-2016:0908-2
https://lists.suse.com/pipermail/sle-security-updates/2016-March/001973.html
E-Mail link for SUSE-SU-2016:0908-2
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/939460
SUSE Bug 939460
https://bugzilla.suse.com/945842
SUSE Bug 945842
https://bugzilla.suse.com/953831
SUSE Bug 953831
https://bugzilla.suse.com/955382
SUSE Bug 955382
https://bugzilla.suse.com/962765
SUSE Bug 962765
https://bugzilla.suse.com/964468
SUSE Bug 964468
https://bugzilla.suse.com/966220
SUSE Bug 966220
https://bugzilla.suse.com/968771
SUSE Bug 968771
https://www.suse.com/security/cve/CVE-2015-5276/
SUSE CVE CVE-2015-5276 page

Описание

The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.

Затронутые продукты

SUSE Linux Enterprise Desktop 11 SP4:libgcc_s1-32bit-5.3.1+r233831-10.1

SUSE Linux Enterprise Desktop 11 SP4:libgcc_s1-5.3.1+r233831-10.1

SUSE Linux Enterprise Desktop 11 SP4:libgfortran3-32bit-5.3.1+r233831-10.1

SUSE Linux Enterprise Desktop 11 SP4:libgfortran3-5.3.1+r233831-10.1

Ссылки

https://www.suse.com/security/cve/CVE-2015-5276.html
CVE-2015-5276
https://bugzilla.suse.com/945842
SUSE Bug 945842

SUSE-SU-2016:0908-2

Описание

Список пакетов

SUSE Linux Enterprise Desktop 11 SP4

SUSE Linux Enterprise Server 11 SP4

SUSE Linux Enterprise Server for SAP Applications 11 SP4

SUSE Linux Enterprise Software Development Kit 11 SP4

Ссылки

Уязвимость: CVE-2015-5276

Описание

Затронутые продукты

Ссылки