Описание
Security update for gcc5
The GNU Compiler Collection was updated to version 5.3.1, which brings several fixes and enhancements.
The following security issue has been fixed:
- Fix C++11 std::random_device short read issue that could lead to predictable randomness. (CVE-2015-5276, bsc#945842)
The following non-security issues have been fixed:
- Enable frame pointer for TARGET_64BIT_MS_ABI when stack is misaligned. Fixes internal compiler error when building Wine. (bsc#966220)
- Fix a PowerPC specific issue in gcc-go that broke compilation of newer versions of Docker. (bsc#964468)
- Fix HTM built-ins on PowerPC. (bsc#955382)
- Fix libgo certificate lookup. (bsc#953831)
- Suppress deprecated-declarations warnings for inline definitions of deprecated virtual methods. (bsc#939460)
- Build s390[x] with '--with-tune=z9-109 --with-arch=z900' on SLE11 again. (bsc#954002)
- Revert accidental libffi ABI breakage on aarch64. (bsc#968771)
- On x86_64, set default 32bit code generation to -march=x86-64 rather than -march=i586.
- Add experimental File System TS library. This update was imported from the SUSE:SLE-12:Update update project.
Список пакетов
openSUSE Leap 42.1
cpp5-5.3.1+r233831-6.1
gcc5-5.3.1+r233831-6.1
gcc5-32bit-5.3.1+r233831-6.1
gcc5-ada-5.3.1+r233831-6.1
gcc5-ada-32bit-5.3.1+r233831-6.1
gcc5-c++-5.3.1+r233831-6.1
gcc5-c++-32bit-5.3.1+r233831-6.1
gcc5-fortran-5.3.1+r233831-6.1
gcc5-fortran-32bit-5.3.1+r233831-6.1
gcc5-go-5.3.1+r233831-6.1
gcc5-go-32bit-5.3.1+r233831-6.1
gcc5-info-5.3.1+r233831-6.1
gcc5-locale-5.3.1+r233831-6.1
gcc5-testresults-5.3.1+r233831-6.2
libada5-5.3.1+r233831-6.1
libada5-32bit-5.3.1+r233831-6.1
libasan2-5.3.1+r233831-6.1
libasan2-32bit-5.3.1+r233831-6.1
libatomic1-5.3.1+r233831-6.1
libatomic1-32bit-5.3.1+r233831-6.1
libcilkrts5-5.3.1+r233831-6.1
libcilkrts5-32bit-5.3.1+r233831-6.1
libffi-devel-gcc5-5.3.1+r233831-6.1
libffi-devel-gcc5-32bit-5.3.1+r233831-6.1
libffi-gcc5-5.3.1+r233831-6.1
libffi4-5.3.1+r233831-6.1
libffi4-32bit-5.3.1+r233831-6.1
libgcc_s1-5.3.1+r233831-6.1
libgcc_s1-32bit-5.3.1+r233831-6.1
libgfortran3-5.3.1+r233831-6.1
libgfortran3-32bit-5.3.1+r233831-6.1
libgo7-5.3.1+r233831-6.1
libgo7-32bit-5.3.1+r233831-6.1
libgomp1-5.3.1+r233831-6.1
libgomp1-32bit-5.3.1+r233831-6.1
libitm1-5.3.1+r233831-6.1
libitm1-32bit-5.3.1+r233831-6.1
liblsan0-5.3.1+r233831-6.1
libmpx0-5.3.1+r233831-6.1
libmpx0-32bit-5.3.1+r233831-6.1
libmpxwrappers0-5.3.1+r233831-6.1
libmpxwrappers0-32bit-5.3.1+r233831-6.1
libquadmath0-5.3.1+r233831-6.1
libquadmath0-32bit-5.3.1+r233831-6.1
libstdc++6-5.3.1+r233831-6.1
libstdc++6-32bit-5.3.1+r233831-6.1
libstdc++6-devel-gcc5-5.3.1+r233831-6.1
libstdc++6-devel-gcc5-32bit-5.3.1+r233831-6.1
libstdc++6-locale-5.3.1+r233831-6.1
libtsan0-5.3.1+r233831-6.1
libubsan0-5.3.1+r233831-6.1
libubsan0-32bit-5.3.1+r233831-6.1
Ссылки
- E-Mail link for openSUSE-SU-2016:1069-1
- SUSE Security Ratings
Описание
The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.
Затронутые продукты
openSUSE Leap 42.1:cpp5-5.3.1+r233831-6.1
openSUSE Leap 42.1:gcc5-32bit-5.3.1+r233831-6.1
openSUSE Leap 42.1:gcc5-5.3.1+r233831-6.1
openSUSE Leap 42.1:gcc5-ada-32bit-5.3.1+r233831-6.1
Ссылки
- CVE-2015-5276
- SUSE Bug 945842