
openSUSE: 2020:0716-1 Moderate Update for gcc9 Heap Overflow Issue

openSUSE
May 26, 2020
This update addresses two security issues in gcc9, along with a number of other fixes, improving reliability on openSUSE systems.
An update that solves two vulnerabilities and has 8 fixes is now available.

Description

This update includes the GNU Compiler Collection 9.

This update ships the GCC 9.3 release.

A full changelog is provided by the GCC team on:

The base system compiler libraries libgcc_s1, libstdc++6 and others are now built by the gcc 9 packages.

To use it, install "gcc9" or "gcc9-c++" or other compiler brands and use CC=gcc-9 / CXX=g++-9 during configuration for using it.

Security issues fixed:

- CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145)

- CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649)

Non-security issues fixed:

- Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254)

- Fixed miscompilation for vector shift on s390. (bsc#1141897)

- Includes a fix for Internal compiler error when building HepMC

...


Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-716=1

Package List

- openSUSE Leap 15.1 (noarch):

gcc9-info-9.3.1+git1296-lp151.2.2

- openSUSE Leap 15.1 (x86_64):

cpp9-9.3.1+git1296-lp151.2.2

cpp9-debuginfo-9.3.1+git1296-lp151.2.2

cross-nvptx-gcc9-9.3.1+git1296-lp151.2.1

cross-nvptx-gcc9-debuginfo-9.3.1+git1296-lp151.2.1

cross-nvptx-gcc9-debugsource-9.3.1+git1296-lp151.2.1

cross-nvptx-newlib9-devel-9.3.1+git1296-lp151.2.1

gcc9-32bit-9.3.1+git1296-lp151.2.2

gcc9-9.3.1+git1296-lp151.2.2

gcc9-ada-32bit-9.3.1+git1296-lp151.2.2

gcc9-ada-9.3.1+git1296-lp151.2.2

gcc9-ada-debuginfo-9.3.1+git1296-lp151.2.2

gcc9-c++-32bit-9.3.1+git1296-lp151.2.2

gcc9-c++-9.3.1+git1296-lp151.2.2

gcc9-c++-debuginfo-9.3.1+git1296-lp151.2.2

gcc9-debuginfo-9.3.1+git1296-lp151.2.2

gcc9-debugsource-9.3.1+git1296-lp151.2.2

gcc9-fortran-32bit-9.3.1+git1296-lp151.2.2

gcc9-fortran-9.3.1+git1296-lp151.2.2

gcc9-fortran-debuginfo-9.3.1+git1296-lp151.2.2

gcc9-go-32bit-9.3.1+git1296-lp151.2.2

gcc9-go-9.3.1+git1296-lp151.2.2

gcc9-go-debuginfo-9.3.1+git1296-lp151.2.2

gcc9-locale-9.3.1+git1296-lp151.2.2

libada9-32bit-9.3....
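To confirm that a host actually received the fix, its installed package versions can be compared with the fixed versions in the package list above. The following is an added example, not part of the SUSE advisory: it uses a simplified reimplementation of RPM version ordering (assumes no epoch and no `~` or `^` markers), and the sample inventory is constructed.

```python
import re

# Fixed versions copied from the advisory's package list (subset).
FIXED = {
    "gcc9": "9.3.1+git1296-lp151.2.2",
    "gcc9-c++": "9.3.1+git1296-lp151.2.2",
    "cross-nvptx-gcc9": "9.3.1+git1296-lp151.2.1",
}

def _segcmp(a, b):
    """Simplified rpmvercmp: compare digit/letter runs left to right.
    Assumption: no epoch and no '~' or '^' markers in the strings."""
    ta, tb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(ta, tb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric run beats alphabetic
        if x != y:
            return 1 if x > y else -1
    return (len(ta) > len(tb)) - (len(ta) < len(tb))  # longer is newer

def evr_cmp(a, b):
    """Compare 'version-release' strings; release only breaks version ties."""
    va, ra = a.rsplit("-", 1)
    vb, rb = b.rsplit("-", 1)
    return _segcmp(va, vb) or _segcmp(ra, rb)

def unpatched(rpm_output):
    r"""Return {name: installed} for listed packages older than the fix.
    Input lines: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'"""
    stale = {}
    for line in rpm_output.splitlines():
        name, _, evr = line.partition(" ")
        evr = evr.strip()
        if name in FIXED and "-" in evr and evr_cmp(evr, FIXED[name]) < 0:
            stale[name] = evr
    return stale

# Constructed sample inventory (not real host output).
SAMPLE = """\
gcc9 9.2.1+r275327-lp151.1.5
gcc9-c++ 9.3.1+git1296-lp151.2.2
cross-nvptx-gcc9 9.3.1+git1296-lp151.2.1
bash 4.4-lp151.9.53
"""

if __name__ == "__main__":
    print(unpatched(SAMPLE))
```

An empty result means every listed package is at or above the fixed version; packages not named in `FIXED` are ignored.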


References

https://www.suse.com/security/cve/CVE-2019-14250.html

https://www.suse.com/security/cve/CVE-2019-15847.html

https://bugzilla.suse.com/1114592

https://bugzilla.suse.com/1135254

https://bugzilla.suse.com/1141897

https://bugzilla.suse.com/1142649

https://bugzilla.suse.com/1142654

https://bugzilla.suse.com/1148517

https://bugzilla.suse.com/1149145

https://bugzilla.suse.com/1149995

https://bugzilla.suse.com/1152590

https://bugzilla.suse.com/1167898

--

Announcement ID: openSUSE-SU-2020:0716-1
Rating: moderate
Affected Products: openSUSE Leap 15.1
