openSUSE-SU-2019:2364-1

Published: 22 Oct 2019
Source: suse-cvrf

Description

Security update for gcc7

This update for gcc7 to r275405 fixes the following issues:

Security issues fixed:

  • CVE-2019-14250: Fixed an integer overflow in binutils (bsc#1142649).
  • CVE-2019-15847: Fixed an optimization in the POWER9 backend of gcc that could reduce the entropy of the random number generator (bsc#1149145).

Non-security issue fixed:

  • Move Live Patching technology stack from kGraft to upstream klp (bsc#1071995, fate#323487).

This update was imported from the SUSE:SLE-15:Update update project.

Package list

openSUSE Leap 15.1
cpp7-7.4.1+r275405-lp151.2.6.1
gcc7-7.4.1+r275405-lp151.2.6.1
gcc7-32bit-7.4.1+r275405-lp151.2.6.1
gcc7-ada-7.4.1+r275405-lp151.2.6.1
gcc7-ada-32bit-7.4.1+r275405-lp151.2.6.1
gcc7-c++-7.4.1+r275405-lp151.2.6.1
gcc7-c++-32bit-7.4.1+r275405-lp151.2.6.1
gcc7-fortran-7.4.1+r275405-lp151.2.6.1
gcc7-fortran-32bit-7.4.1+r275405-lp151.2.6.1
gcc7-go-7.4.1+r275405-lp151.2.6.1
gcc7-go-32bit-7.4.1+r275405-lp151.2.6.1
gcc7-info-7.4.1+r275405-lp151.2.6.1
gcc7-locale-7.4.1+r275405-lp151.2.6.1
gcc7-obj-c++-7.4.1+r275405-lp151.2.6.1
gcc7-obj-c++-32bit-7.4.1+r275405-lp151.2.6.1
gcc7-objc-7.4.1+r275405-lp151.2.6.1
gcc7-objc-32bit-7.4.1+r275405-lp151.2.6.1
libada7-7.4.1+r275405-lp151.2.6.1
libada7-32bit-7.4.1+r275405-lp151.2.6.1
libasan4-7.4.1+r275405-lp151.2.6.1
libasan4-32bit-7.4.1+r275405-lp151.2.6.1
libcilkrts5-7.4.1+r275405-lp151.2.6.1
libcilkrts5-32bit-7.4.1+r275405-lp151.2.6.1
libgfortran4-7.4.1+r275405-lp151.2.6.1
libgfortran4-32bit-7.4.1+r275405-lp151.2.6.1
libgo11-7.4.1+r275405-lp151.2.6.1
libgo11-32bit-7.4.1+r275405-lp151.2.6.1
libobjc4-7.4.1+r275405-lp151.2.6.1
libobjc4-32bit-7.4.1+r275405-lp151.2.6.1
libstdc++6-devel-gcc7-7.4.1+r275405-lp151.2.6.1
libstdc++6-devel-gcc7-32bit-7.4.1+r275405-lp151.2.6.1
libubsan0-7.4.1+r275405-lp151.2.6.1
libubsan0-32bit-7.4.1+r275405-lp151.2.6.1

Description

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.


Affected products
openSUSE Leap 15.1:cpp7-7.4.1+r275405-lp151.2.6.1
openSUSE Leap 15.1:gcc7-32bit-7.4.1+r275405-lp151.2.6.1
openSUSE Leap 15.1:gcc7-7.4.1+r275405-lp151.2.6.1
openSUSE Leap 15.1:gcc7-ada-32bit-7.4.1+r275405-lp151.2.6.1


Description

The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.


Affected products
openSUSE Leap 15.1:cpp7-7.4.1+r275405-lp151.2.6.1
openSUSE Leap 15.1:gcc7-32bit-7.4.1+r275405-lp151.2.6.1
openSUSE Leap 15.1:gcc7-7.4.1+r275405-lp151.2.6.1
openSUSE Leap 15.1:gcc7-ada-32bit-7.4.1+r275405-lp151.2.6.1
