You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa gcc7

Sigurnosni nedostatak programskog paketa gcc7

openSUSE Security Update: Security update for gcc7
______________________________________________________________________________

Announcement ID: openSUSE-SU-2020:2300-1
Rating: moderate
References: #1150164 #1161913 #1167939 #1172798 #1178577
#1178614 #1178624 #1178675
Cross-References: CVE-2020-13844
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________

An update that solves one vulnerability and has 7 fixes is
now available.

Description:

This update for gcc7 fixes the following issues:

– CVE-2020-13844: Added mitigation for aarch64 Straight Line Speculation
issue (bsc#1172798)
– Enable fortran for the nvptx offload compiler.
– Update README.First-for.SuSE.packagers
– avoid assembler errors with AVX512 gather and scatter instructions when
using -masm=intel.
– Backport the aarch64 -moutline-atomics feature and accumulated fixes but
not its default enabling. [jsc#SLE-12209, bsc#1167939]
– Fixed 32bit libgnat.so link. [bsc#1178675]
– Fixed memcpy miscompilation on aarch64. [bsc#1178624, bsc#1178577]
– Fixed debug line info for try/catch. [bsc#1178614]
– Remove -mbranch-protection=standard (aarch64 flag) when gcc7 is used to
build gcc7 (ie when ada is enabled)
– Fixed corruption of pass private ->aux via DF. [gcc#94148]
– Fixed debug information issue with inlined functions and passed by
reference arguments. [gcc#93888]
– Fixed binutils release date detection issue.
– Fixed register allocation issue with exception handling code on s390x.
[bsc#1161913]
– Fixed miscompilation of some atomic code on aarch64. [bsc#1150164]

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-2300=1

Package List:

– openSUSE Leap 15.1 (i586 x86_64):

cpp7-7.5.0+r278197-lp151.2.15.1
cpp7-debuginfo-7.5.0+r278197-lp151.2.15.1
gcc7-7.5.0+r278197-lp151.2.15.1
gcc7-ada-7.5.0+r278197-lp151.2.15.1
gcc7-ada-debuginfo-7.5.0+r278197-lp151.2.15.1
gcc7-c++-7.5.0+r278197-lp151.2.15.1
gcc7-c++-debuginfo-7.5.0+r278197-lp151.2.15.1
gcc7-debuginfo-7.5.0+r278197-lp151.2.15.1
gcc7-debugsource-7.5.0+r278197-lp151.2.15.1
gcc7-fortran-7.5.0+r278197-lp151.2.15.1
gcc7-fortran-debuginfo-7.5.0+r278197-lp151.2.15.1
gcc7-go-7.5.0+r278197-lp151.2.15.1
gcc7-go-debuginfo-7.5.0+r278197-lp151.2.15.1
gcc7-locale-7.5.0+r278197-lp151.2.15.1
gcc7-obj-c++-7.5.0+r278197-lp151.2.15.1
gcc7-obj-c++-debuginfo-7.5.0+r278197-lp151.2.15.1
gcc7-objc-7.5.0+r278197-lp151.2.15.1
gcc7-objc-debuginfo-7.5.0+r278197-lp151.2.15.1
libada7-7.5.0+r278197-lp151.2.15.1
libada7-debuginfo-7.5.0+r278197-lp151.2.15.1
libasan4-7.5.0+r278197-lp151.2.15.1
libasan4-debuginfo-7.5.0+r278197-lp151.2.15.1
libcilkrts5-7.5.0+r278197-lp151.2.15.1
libcilkrts5-debuginfo-7.5.0+r278197-lp151.2.15.1
libgfortran4-7.5.0+r278197-lp151.2.15.1
libgfortran4-debuginfo-7.5.0+r278197-lp151.2.15.1
libgo11-7.5.0+r278197-lp151.2.15.1
libgo11-debuginfo-7.5.0+r278197-lp151.2.15.1
libstdc++6-devel-gcc7-7.5.0+r278197-lp151.2.15.1
libubsan0-7.5.0+r278197-lp151.2.15.1
libubsan0-debuginfo-7.5.0+r278197-lp151.2.15.1

– openSUSE Leap 15.1 (noarch):

gcc7-info-7.5.0+r278197-lp151.2.15.1

– openSUSE Leap 15.1 (x86_64):

gcc7-32bit-7.5.0+r278197-lp151.2.15.1
gcc7-ada-32bit-7.5.0+r278197-lp151.2.15.1
gcc7-c++-32bit-7.5.0+r278197-lp151.2.15.1
gcc7-fortran-32bit-7.5.0+r278197-lp151.2.15.1
gcc7-go-32bit-7.5.0+r278197-lp151.2.15.1
gcc7-obj-c++-32bit-7.5.0+r278197-lp151.2.15.1
gcc7-objc-32bit-7.5.0+r278197-lp151.2.15.1
libada7-32bit-7.5.0+r278197-lp151.2.15.1
libada7-32bit-debuginfo-7.5.0+r278197-lp151.2.15.1
libasan4-32bit-7.5.0+r278197-lp151.2.15.1
libasan4-32bit-debuginfo-7.5.0+r278197-lp151.2.15.1
libcilkrts5-32bit-7.5.0+r278197-lp151.2.15.1
libcilkrts5-32bit-debuginfo-7.5.0+r278197-lp151.2.15.1
libgfortran4-32bit-7.5.0+r278197-lp151.2.15.1
libgfortran4-32bit-debuginfo-7.5.0+r278197-lp151.2.15.1
libgo11-32bit-7.5.0+r278197-lp151.2.15.1
libgo11-32bit-debuginfo-7.5.0+r278197-lp151.2.15.1
libstdc++6-devel-gcc7-32bit-7.5.0+r278197-lp151.2.15.1
libubsan0-32bit-7.5.0+r278197-lp151.2.15.1
libubsan0-32bit-debuginfo-7.5.0+r278197-lp151.2.15.1

References:

https://www.suse.com/security/cve/CVE-2020-13844.html
https://bugzilla.suse.com/1150164
https://bugzilla.suse.com/1161913
https://bugzilla.suse.com/1167939
https://bugzilla.suse.com/1172798
https://bugzilla.suse.com/1178577
https://bugzilla.suse.com/1178614
https://bugzilla.suse.com/1178624
https://bugzilla.suse.com/1178675
_______________________________________________
openSUSE Security Announce mailing list — security-announce@lists.opensuse.org
To unsubscribe, email security-announce-leave@lists.opensuse.org
List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette
List Archives: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org

openSUSE Security Update: Security update for gcc7
______________________________________________________________________________

Announcement ID: openSUSE-SU-2020:2301-1
Rating: moderate
References: #1150164 #1161913 #1167939 #1172798 #1178577
#1178614 #1178624 #1178675
Cross-References: CVE-2020-13844
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________

An update that solves one vulnerability and has 7 fixes is
now available.

Description:

This update for gcc7 fixes the following issues:

– CVE-2020-13844: Added mitigation for aarch64 Straight Line Speculation
issue (bsc#1172798)
– Enable fortran for the nvptx offload compiler.
– Update README.First-for.SuSE.packagers
– avoid assembler errors with AVX512 gather and scatter instructions when
using -masm=intel.
– Backport the aarch64 -moutline-atomics feature and accumulated fixes but
not its default enabling. [jsc#SLE-12209, bsc#1167939]
– Fixed 32bit libgnat.so link. [bsc#1178675]
– Fixed memcpy miscompilation on aarch64. [bsc#1178624, bsc#1178577]
– Fixed debug line info for try/catch. [bsc#1178614]
– Remove -mbranch-protection=standard (aarch64 flag) when gcc7 is used to
build gcc7 (ie when ada is enabled)
– Fixed corruption of pass private ->aux via DF. [gcc#94148]
– Fixed debug information issue with inlined functions and passed by
reference arguments. [gcc#93888]
– Fixed binutils release date detection issue.
– Fixed register allocation issue with exception handling code on s390x.
[bsc#1161913]
– Fixed miscompilation of some atomic code on aarch64. [bsc#1150164]

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Leap 15.2:

zypper in -t patch openSUSE-2020-2301=1

Package List:

– openSUSE Leap 15.2 (i586 x86_64):

cpp7-7.5.0+r278197-lp152.3.3.1
cpp7-debuginfo-7.5.0+r278197-lp152.3.3.1
gcc7-7.5.0+r278197-lp152.3.3.1
gcc7-ada-7.5.0+r278197-lp152.3.3.1
gcc7-ada-debuginfo-7.5.0+r278197-lp152.3.3.1
gcc7-c++-7.5.0+r278197-lp152.3.3.1
gcc7-c++-debuginfo-7.5.0+r278197-lp152.3.3.1
gcc7-debuginfo-7.5.0+r278197-lp152.3.3.1
gcc7-debugsource-7.5.0+r278197-lp152.3.3.1
gcc7-fortran-7.5.0+r278197-lp152.3.3.1
gcc7-fortran-debuginfo-7.5.0+r278197-lp152.3.3.1
gcc7-go-7.5.0+r278197-lp152.3.3.1
gcc7-go-debuginfo-7.5.0+r278197-lp152.3.3.1
gcc7-locale-7.5.0+r278197-lp152.3.3.1
gcc7-obj-c++-7.5.0+r278197-lp152.3.3.1
gcc7-obj-c++-debuginfo-7.5.0+r278197-lp152.3.3.1
gcc7-objc-7.5.0+r278197-lp152.3.3.1
gcc7-objc-debuginfo-7.5.0+r278197-lp152.3.3.1
libada7-7.5.0+r278197-lp152.3.3.1
libada7-debuginfo-7.5.0+r278197-lp152.3.3.1
libasan4-7.5.0+r278197-lp152.3.3.1
libasan4-debuginfo-7.5.0+r278197-lp152.3.3.1
libcilkrts5-7.5.0+r278197-lp152.3.3.1
libcilkrts5-debuginfo-7.5.0+r278197-lp152.3.3.1
libgfortran4-7.5.0+r278197-lp152.3.3.1
libgfortran4-debuginfo-7.5.0+r278197-lp152.3.3.1
libgo11-7.5.0+r278197-lp152.3.3.1
libgo11-debuginfo-7.5.0+r278197-lp152.3.3.1
libstdc++6-devel-gcc7-7.5.0+r278197-lp152.3.3.1
libubsan0-7.5.0+r278197-lp152.3.3.1
libubsan0-debuginfo-7.5.0+r278197-lp152.3.3.1

– openSUSE Leap 15.2 (noarch):

gcc7-info-7.5.0+r278197-lp152.3.3.1

– openSUSE Leap 15.2 (x86_64):

gcc7-32bit-7.5.0+r278197-lp152.3.3.1
gcc7-ada-32bit-7.5.0+r278197-lp152.3.3.1
gcc7-c++-32bit-7.5.0+r278197-lp152.3.3.1
gcc7-fortran-32bit-7.5.0+r278197-lp152.3.3.1
gcc7-go-32bit-7.5.0+r278197-lp152.3.3.1
gcc7-obj-c++-32bit-7.5.0+r278197-lp152.3.3.1
gcc7-objc-32bit-7.5.0+r278197-lp152.3.3.1
libada7-32bit-7.5.0+r278197-lp152.3.3.1
libada7-32bit-debuginfo-7.5.0+r278197-lp152.3.3.1
libasan4-32bit-7.5.0+r278197-lp152.3.3.1
libasan4-32bit-debuginfo-7.5.0+r278197-lp152.3.3.1
libcilkrts5-32bit-7.5.0+r278197-lp152.3.3.1
libcilkrts5-32bit-debuginfo-7.5.0+r278197-lp152.3.3.1
libgfortran4-32bit-7.5.0+r278197-lp152.3.3.1
libgfortran4-32bit-debuginfo-7.5.0+r278197-lp152.3.3.1
libgo11-32bit-7.5.0+r278197-lp152.3.3.1
libgo11-32bit-debuginfo-7.5.0+r278197-lp152.3.3.1
libstdc++6-devel-gcc7-32bit-7.5.0+r278197-lp152.3.3.1
libubsan0-32bit-7.5.0+r278197-lp152.3.3.1
libubsan0-32bit-debuginfo-7.5.0+r278197-lp152.3.3.1

References:

https://www.suse.com/security/cve/CVE-2020-13844.html
https://bugzilla.suse.com/1150164
https://bugzilla.suse.com/1161913
https://bugzilla.suse.com/1167939
https://bugzilla.suse.com/1172798
https://bugzilla.suse.com/1178577
https://bugzilla.suse.com/1178614
https://bugzilla.suse.com/1178624
https://bugzilla.suse.com/1178675
_______________________________________________
openSUSE Security Announce mailing list — security-announce@lists.opensuse.org
To unsubscribe, email security-announce-leave@lists.opensuse.org
List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette
List Archives: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org

Top
More in Preporuke
Sigurnosni nedostaci programskog paketa Red Hat OpenShift Container Storage

Otkriveni su sigurnosni nedostaci u programskom paketu Red Hat OpenShift Container Storage za operacijski sustav RHEL. Otkriveni nedostaci potencijalnim napadačima...

Close