openSUSE-SU-2020:0716-1

Published: 26 May 2020
Source: suse-cvrf

Description

Security update for gcc9

This update includes the GNU Compiler Collection 9.

This update ships the GCC 9.3 release.

A full changelog is provided by the GCC team on:

https://www.gnu.org/software/gcc/gcc-9/changes.html

The base system compiler libraries libgcc_s1, libstdc++6 and others are now built by the gcc 9 packages.

To use it, install 'gcc9', 'gcc9-c++' or one of the other compiler packages, and set CC=gcc-9 / CXX=g++-9 during configuration.

Security issues fixed:

  • CVE-2019-15847: Fixed a miscompilation in the POWER9 back end that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145)
  • CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649)

Non-security issues fixed:

  • Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254)
  • Fixed miscompilation for vector shift on s390. (bsc#1141897)
  • Includes a fix for an internal compiler error when building HepMC. (bsc#1167898)
  • Includes a fix for binutils version parsing.
  • Add libstdc++6-pp provides and conflicts to avoid file conflicts with same minor version of libstdc++6-pp from gcc10.
  • Add gcc9 autodetect -g at lto link (bsc#1149995)
  • Install go tool buildid for bootstrapping go

Package list

openSUSE Leap 15.1
cpp9-9.3.1+git1296-lp151.2.2
cross-nvptx-gcc9-9.3.1+git1296-lp151.2.1
cross-nvptx-newlib9-devel-9.3.1+git1296-lp151.2.1
gcc9-9.3.1+git1296-lp151.2.2
gcc9-32bit-9.3.1+git1296-lp151.2.2
gcc9-ada-9.3.1+git1296-lp151.2.2
gcc9-ada-32bit-9.3.1+git1296-lp151.2.2
gcc9-c++-9.3.1+git1296-lp151.2.2
gcc9-c++-32bit-9.3.1+git1296-lp151.2.2
gcc9-fortran-9.3.1+git1296-lp151.2.2
gcc9-fortran-32bit-9.3.1+git1296-lp151.2.2
gcc9-go-9.3.1+git1296-lp151.2.2
gcc9-go-32bit-9.3.1+git1296-lp151.2.2
gcc9-info-9.3.1+git1296-lp151.2.2
gcc9-locale-9.3.1+git1296-lp151.2.2
libada9-9.3.1+git1296-lp151.2.2
libada9-32bit-9.3.1+git1296-lp151.2.2
libasan5-9.3.1+git1296-lp151.2.2
libasan5-32bit-9.3.1+git1296-lp151.2.2
libatomic1-9.3.1+git1296-lp151.2.2
libatomic1-32bit-9.3.1+git1296-lp151.2.2
libgcc_s1-9.3.1+git1296-lp151.2.2
libgcc_s1-32bit-9.3.1+git1296-lp151.2.2
libgfortran5-9.3.1+git1296-lp151.2.2
libgfortran5-32bit-9.3.1+git1296-lp151.2.2
libgo14-9.3.1+git1296-lp151.2.2
libgo14-32bit-9.3.1+git1296-lp151.2.2
libgomp1-9.3.1+git1296-lp151.2.2
libgomp1-32bit-9.3.1+git1296-lp151.2.2
libitm1-9.3.1+git1296-lp151.2.2
libitm1-32bit-9.3.1+git1296-lp151.2.2
liblsan0-9.3.1+git1296-lp151.2.2
libquadmath0-9.3.1+git1296-lp151.2.2
libquadmath0-32bit-9.3.1+git1296-lp151.2.2
libstdc++6-9.3.1+git1296-lp151.2.2
libstdc++6-32bit-9.3.1+git1296-lp151.2.2
libstdc++6-devel-gcc9-9.3.1+git1296-lp151.2.2
libstdc++6-devel-gcc9-32bit-9.3.1+git1296-lp151.2.2
libstdc++6-locale-9.3.1+git1296-lp151.2.2
libstdc++6-pp-gcc9-9.3.1+git1296-lp151.2.2
libstdc++6-pp-gcc9-32bit-9.3.1+git1296-lp151.2.2
libtsan0-9.3.1+git1296-lp151.2.2
libubsan1-9.3.1+git1296-lp151.2.2
libubsan1-32bit-9.3.1+git1296-lp151.2.2

Description

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.


Affected products
openSUSE Leap 15.1:cpp9-9.3.1+git1296-lp151.2.2
openSUSE Leap 15.1:cross-nvptx-gcc9-9.3.1+git1296-lp151.2.1
openSUSE Leap 15.1:cross-nvptx-newlib9-devel-9.3.1+git1296-lp151.2.1
openSUSE Leap 15.1:gcc9-32bit-9.3.1+git1296-lp151.2.2

References

Description

The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.


Affected products
openSUSE Leap 15.1:cpp9-9.3.1+git1296-lp151.2.2
openSUSE Leap 15.1:cross-nvptx-gcc9-9.3.1+git1296-lp151.2.1
openSUSE Leap 15.1:cross-nvptx-newlib9-devel-9.3.1+git1296-lp151.2.1
openSUSE Leap 15.1:gcc9-32bit-9.3.1+git1296-lp151.2.2

References
Vulnerability openSUSE-SU-2020:0716-1