Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

openSUSE 15.2: Security Update ID 2020:2301-1 Moderate: gcc7 DoS Mitigation

opensuse
Calendar Grey December 20, 2020
Dist Opensuse Esm H88
A recent update for openSUSE has been released for gcc7, rectifying a moderately severe vulnerability, along with several patches now ready for deployment.
An update that solves one vulnerability and has 7 fixes is now available

Description

This update for gcc7 fixes the following issues:

- CVE-2020-13844: Added mitigation for aarch64 Straight Line Speculation

issue (bsc#1172798)

- Enable fortran for the nvptx offload compiler.

- Update README.First-for.SuSE.packagers

- avoid assembler errors with AVX512 gather and scatter instructions when

using -masm=intel.

- Backport the aarch64 -moutline-atomics feature and accumulated fixes but

not its default enabling. [jsc#SLE-12209, bsc#1167939]

- Fixed 32bit libgnat.so link. [bsc#1178675]

- Fixed memcpy miscompilation on aarch64. [bsc#1178624, bsc#1178577]

- Fixed debug line info for try/catch. [bsc#1178614]

- Remove -mbranch-protection=standard (aarch64 flag) when gcc7 is used to

build gcc7 (ie when ada is enabled)

- Fixed corruption of pass private ->aux via DF. [gcc#94148]

- Fixed debug information issue with inlined functions and passed by

reference arguments. [gcc#93888]

- Fixed...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory moderate security update moderate threat openSUSE DoS mitigation gcc7 CVE-2020-13844 compiler bug

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

zypper in -t patch openSUSE-2020-2301=1

Package List

- openSUSE Leap 15.2 (i586 x86_64):

cpp7-7.5.0+r278197-lp152.3.3.1

cpp7-debuginfo-7.5.0+r278197-lp152.3.3.1

gcc7-7.5.0+r278197-lp152.3.3.1

gcc7-ada-7.5.0+r278197-lp152.3.3.1

gcc7-ada-debuginfo-7.5.0+r278197-lp152.3.3.1

gcc7-c++-7.5.0+r278197-lp152.3.3.1

gcc7-c++-debuginfo-7.5.0+r278197-lp152.3.3.1

gcc7-debuginfo-7.5.0+r278197-lp152.3.3.1

gcc7-debugsource-7.5.0+r278197-lp152.3.3.1

gcc7-fortran-7.5.0+r278197-lp152.3.3.1

gcc7-fortran-debuginfo-7.5.0+r278197-lp152.3.3.1

gcc7-go-7.5.0+r278197-lp152.3.3.1

gcc7-go-debuginfo-7.5.0+r278197-lp152.3.3.1

gcc7-locale-7.5.0+r278197-lp152.3.3.1

gcc7-obj-c++-7.5.0+r278197-lp152.3.3.1

gcc7-obj-c++-debuginfo-7.5.0+r278197-lp152.3.3.1

gcc7-objc-7.5.0+r278197-lp152.3.3.1

gcc7-objc-debuginfo-7.5.0+r278197-lp152.3.3.1

libada7-7.5.0+r278197-lp152.3.3.1

libada7-debuginfo-7.5.0+r278197-lp152.3.3.1

libasan4-7.5.0+r278197-lp152.3.3.1

libasan4-debuginfo-7.5.0+r278197-lp152.3.3.1

libcilkrts5-7.5.0+r278197-lp152.3.3.1

libcilkrts5-debuginfo-7.5.0+r278197-lp152.3.3.1

libgfortran4-7.5.0+r2781...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2020-13844.html

https://bugzilla.suse.com/1150164

https://bugzilla.suse.com/1161913

https://bugzilla.suse.com/1167939

https://bugzilla.suse.com/1172798

https://bugzilla.suse.com/1178577

https://bugzilla.suse.com/1178614

https://bugzilla.suse.com/1178624

https://bugzilla.suse.com/1178675

openSUSE Security Announce mailing list -- security-announce@lists.opensuse.org

To unsubscribe, email security-announce-leave@lists.opensuse.org

List Netiquette:

List Archives:

Announcement ID: openSUSE-SU-2020:2301-1
Rating: moderate
Affected Products: openSUSE Leap 15.2 able.

Topics%20covered

Topics Covered

security advisory moderate security update moderate threat openSUSE DoS mitigation gcc7 CVE-2020-13844 compiler bug

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here