Date:         Wed, 20 Jan 2010 13:36:55 -0600
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA Moderate: gcc and gcc4 on SL3.x, SL4.x,
              SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis:	Moderate: gcc and gcc4 security update
Issue date:	2010-01-13
CVE Names:	CVE-2009-3736

CVE-2009-3736 libtool: libltdl may load and execute code from a library 
in the current directory

A flaw was found in the way GNU Libtool's libltdl library looked for
libraries to load. It was possible for libltdl to load a malicious 
library from the current working directory. In certain configurations, 
if a local attacker is able to trick a local user into running a Java 
application (which uses a function to load native libraries, such as
System.loadLibrary) from within an attacker-controlled directory 
containing a malicious library or module, the attacker could possibly 
execute arbitrary code with the privileges of the user running the Java
application. (CVE-2009-3736)

All running Java applications using libgcj must be restarted for this 
update to take effect.
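
As an added illustration (this is not code from the advisory, from libtool or from libgcj; it models the search behaviour the paragraph above describes), the following C puts a module resolver that falls back to the current working directory next to a hardened one that only accepts a plain filename from an absolute trusted directory and treats a miss as an error. The directory names, the libgood.so/libevil.so file names and the throwaway fixture under /tmp are constructed for the demo.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Vulnerable pattern, modelled on the behaviour the advisory describes
 * (illustrative code, not libltdl's): walk the trusted directories and,
 * if nothing matches, fall back to the bare name. A bare relative name
 * is resolved against the current working directory, so a module
 * planted there by an attacker is picked up. */
static int resolve_module_naive(const char *name, const char *const *dirs,
                                char *out, size_t outlen)
{
    for (size_t i = 0; dirs[i]; i++) {
        snprintf(out, outlen, "%s/%s", dirs[i], name);
        if (access(out, R_OK) == 0)
            return 0;
    }
    snprintf(out, outlen, "%s", name);      /* last resort: CWD-relative */
    return access(out, R_OK) == 0 ? 0 : -1;
}

/* Hardened resolver: the name must be a plain filename, only absolute
 * trusted directories are consulted (an empty or relative entry would
 * silently mean the CWD), and a miss is an error, never a CWD fallback.
 * Returns 0 with an absolute path in out, -1 for a bad name or buffer,
 * -2 when the module is in none of the trusted directories. */
static int resolve_module_safe(const char *name, const char *const *dirs,
                               char *out, size_t outlen)
{
    if (!name || !*name || strchr(name, '/'))
        return -1;
    for (size_t i = 0; dirs[i]; i++) {
        if (dirs[i][0] != '/')
            continue;
        int n = snprintf(out, outlen, "%s/%s", dirs[i], name);
        if (n < 0 || (size_t)n >= outlen)
            return -1;
        if (access(out, R_OK) == 0)
            return 0;
    }
    return -2;
}

/* Hardened resolver against a trusted directory that does not exist,
 * so only the name and miss handling is exercised. */
int safe_rejects(const char *name)
{
    static const char *const dirs[] = { "/nonexistent-ltdl-trusted", NULL };
    char out[PATH_MAX];
    return resolve_module_safe(name, dirs, out, sizeof out);
}

static void touch(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT, 0644);
    if (fd >= 0)
        close(fd);
}

/* Constructed fixture: a trusted directory holding libgood.so and a
 * second directory holding libevil.so that we chdir into, playing the
 * attacker-controlled CWD. Returns 1 when the naive resolver loads the
 * planted module while the hardened one refuses it and still finds the
 * legitimate module by absolute path, else 0. */
int demo_cwd_module_loading(void)
{
    char trusted[] = "/tmp/ltdl-trusted-XXXXXX";
    char evilcwd[] = "/tmp/ltdl-cwd-XXXXXX";
    char good[PATH_MAX], evil[PATH_MAX], out[PATH_MAX], oldcwd[PATH_MAX];
    int ok = 0;

    if (!getcwd(oldcwd, sizeof oldcwd) || !mkdtemp(trusted) || !mkdtemp(evilcwd))
        return 0;
    snprintf(good, sizeof good, "%s/libgood.so", trusted);
    snprintf(evil, sizeof evil, "%s/libevil.so", evilcwd);
    touch(good);
    touch(evil);

    const char *const dirs[] = { trusted, NULL };
    if (chdir(evilcwd) == 0) {
        int naive_evil = resolve_module_naive("libevil.so", dirs, out, sizeof out);
        int safe_evil  = resolve_module_safe("libevil.so", dirs, out, sizeof out);
        int safe_good  = resolve_module_safe("libgood.so", dirs, out, sizeof out);
        int good_abs   = safe_good == 0 && strcmp(out, good) == 0;
        ok = naive_evil == 0 && safe_evil == -2 && good_abs;
        if (chdir(oldcwd) != 0)
            ok = 0;
    }
    unlink(good);
    unlink(evil);
    rmdir(trusted);
    rmdir(evilcwd);
    return ok;
}

int main(void)
{
    printf("hardened resolver behaves as intended: %s\n",
           demo_cwd_module_loading() ? "yes" : "no");
    printf("\"../libevil.so\" -> %d, \"\" -> %d, missing module -> %d\n",
           safe_rejects("../libevil.so"), safe_rejects(""), safe_rejects("libfoo.so"));
    return 0;
}
```

Build and run with `gcc -Wall demo.c -o demo && ./demo`. The point of the hardened version is that the caller, not the working directory of whoever launched the process, decides where native modules may come from. Once the updated packages are installed, the Java processes that still have the old libgcj mapped (and therefore need the restart the advisory calls for) can be found by grepping /proc/*/maps for libgcj; the replaced file shows up with a "(deleted)" suffix.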

SL 3.0.x

       SRPMS:
gcc-3.2.3-60.src.rpm
       i386:
cpp-3.2.3-60.i386.rpm
gcc-3.2.3-60.i386.rpm
gcc-c++-3.2.3-60.i386.rpm
gcc-g77-3.2.3-60.i386.rpm
gcc-gnat-3.2.3-60.i386.rpm
gcc-java-3.2.3-60.i386.rpm
gcc-objc-3.2.3-60.i386.rpm
libf2c-3.2.3-60.i386.rpm
libgcc-3.2.3-60.i386.rpm
libgcj-3.2.3-60.i386.rpm
libgcj-devel-3.2.3-60.i386.rpm
libgnat-3.2.3-60.i386.rpm
libobjc-3.2.3-60.i386.rpm
libstdc++-3.2.3-60.i386.rpm
libstdc++-devel-3.2.3-60.i386.rpm
       x86_64:
cpp-3.2.3-60.x86_64.rpm
gcc-3.2.3-60.x86_64.rpm
gcc-c++-3.2.3-60.x86_64.rpm
gcc-g77-3.2.3-60.x86_64.rpm
gcc-gnat-3.2.3-60.x86_64.rpm
gcc-java-3.2.3-60.x86_64.rpm
gcc-objc-3.2.3-60.x86_64.rpm
libf2c-3.2.3-60.i386.rpm
libf2c-3.2.3-60.x86_64.rpm
libgcc-3.2.3-60.i386.rpm
libgcc-3.2.3-60.x86_64.rpm
libgcj-3.2.3-60.i386.rpm
libgcj-3.2.3-60.x86_64.rpm
libgcj-devel-3.2.3-60.x86_64.rpm
libgnat-3.2.3-60.i386.rpm
libgnat-3.2.3-60.x86_64.rpm
libobjc-3.2.3-60.i386.rpm
libobjc-3.2.3-60.x86_64.rpm
libstdc++-3.2.3-60.i386.rpm
libstdc++-3.2.3-60.x86_64.rpm
libstdc++-devel-3.2.3-60.i386.rpm
libstdc++-devel-3.2.3-60.x86_64.rpm

SL 4.x

       SRPMS:
gcc-3.4.6-11.el4_8.1.src.rpm
gcc4-4.1.2-44.EL4_8.1.src.rpm
       i386:
cpp-3.4.6-11.el4_8.1.i386.rpm
gcc-3.4.6-11.el4_8.1.i386.rpm
gcc4-4.1.2-44.EL4_8.1.i386.rpm
gcc4-c++-4.1.2-44.EL4_8.1.i386.rpm
gcc4-gfortran-4.1.2-44.EL4_8.1.i386.rpm
gcc4-java-4.1.2-44.EL4_8.1.i386.rpm
gcc-c++-3.4.6-11.el4_8.1.i386.rpm
gcc-g77-3.4.6-11.el4_8.1.i386.rpm
gcc-gnat-3.4.6-11.el4_8.1.i386.rpm
gcc-java-3.4.6-11.el4_8.1.i386.rpm
gcc-objc-3.4.6-11.el4_8.1.i386.rpm
libf2c-3.4.6-11.el4_8.1.i386.rpm
libgcc-3.4.6-11.el4_8.1.i386.rpm
libgcj-3.4.6-11.el4_8.1.i386.rpm
libgcj4-4.1.2-44.EL4_8.1.i386.rpm
libgcj4-devel-4.1.2-44.EL4_8.1.i386.rpm
libgcj4-src-4.1.2-44.EL4_8.1.i386.rpm
libgcj-devel-3.4.6-11.el4_8.1.i386.rpm
libgfortran-4.1.2-44.EL4_8.1.i386.rpm
libgnat-3.4.6-11.el4_8.1.i386.rpm
libgomp-4.1.2-44.EL4_8.1.i386.rpm
libmudflap-4.1.2-44.EL4_8.1.i386.rpm
libmudflap-devel-4.1.2-44.EL4_8.1.i386.rpm
libobjc-3.4.6-11.el4_8.1.i386.rpm
libstdc++-3.4.6-11.el4_8.1.i386.rpm
libstdc++-devel-3.4.6-11.el4_8.1.i386.rpm
       x86_64:
cpp-3.4.6-11.el4_8.1.x86_64.rpm
gcc-3.4.6-11.el4_8.1.x86_64.rpm
gcc4-4.1.2-44.EL4_8.1.x86_64.rpm
gcc4-c++-4.1.2-44.EL4_8.1.x86_64.rpm
gcc4-gfortran-4.1.2-44.EL4_8.1.x86_64.rpm
gcc4-java-4.1.2-44.EL4_8.1.x86_64.rpm
gcc-c++-3.4.6-11.el4_8.1.x86_64.rpm
gcc-g77-3.4.6-11.el4_8.1.x86_64.rpm
gcc-gnat-3.4.6-11.el4_8.1.x86_64.rpm
gcc-java-3.4.6-11.el4_8.1.x86_64.rpm
gcc-objc-3.4.6-11.el4_8.1.x86_64.rpm
libf2c-3.4.6-11.el4_8.1.i386.rpm
libf2c-3.4.6-11.el4_8.1.x86_64.rpm
libgcc-3.4.6-11.el4_8.1.i386.rpm
libgcc-3.4.6-11.el4_8.1.x86_64.rpm
libgcj-3.4.6-11.el4_8.1.i386.rpm
libgcj-3.4.6-11.el4_8.1.x86_64.rpm
libgcj4-4.1.2-44.EL4_8.1.i386.rpm
libgcj4-4.1.2-44.EL4_8.1.x86_64.rpm
libgcj4-devel-4.1.2-44.EL4_8.1.x86_64.rpm
libgcj4-src-4.1.2-44.EL4_8.1.x86_64.rpm
libgcj-devel-3.4.6-11.el4_8.1.x86_64.rpm
libgfortran-4.1.2-44.EL4_8.1.i386.rpm
libgfortran-4.1.2-44.EL4_8.1.x86_64.rpm
libgnat-3.4.6-11.el4_8.1.i386.rpm
libgnat-3.4.6-11.el4_8.1.x86_64.rpm
libgomp-4.1.2-44.EL4_8.1.i386.rpm
libgomp-4.1.2-44.EL4_8.1.x86_64.rpm
libmudflap-4.1.2-44.EL4_8.1.i386.rpm
libmudflap-4.1.2-44.EL4_8.1.x86_64.rpm
libmudflap-devel-4.1.2-44.EL4_8.1.x86_64.rpm
libobjc-3.4.6-11.el4_8.1.i386.rpm
libobjc-3.4.6-11.el4_8.1.x86_64.rpm
libstdc++-3.4.6-11.el4_8.1.i386.rpm
libstdc++-3.4.6-11.el4_8.1.x86_64.rpm
libstdc++-devel-3.4.6-11.el4_8.1.i386.rpm
libstdc++-devel-3.4.6-11.el4_8.1.x86_64.rpm

SL 5.x

       SRPMS:
gcc-4.1.2-46.el5_4.2.src.rpm
       i386:
cpp-4.1.2-46.el5_4.2.i386.rpm
gcc-4.1.2-46.el5_4.2.i386.rpm
gcc-c++-4.1.2-46.el5_4.2.i386.rpm
gcc-gfortran-4.1.2-46.el5_4.2.i386.rpm
gcc-gnat-4.1.2-46.el5_4.2.i386.rpm
gcc-java-4.1.2-46.el5_4.2.i386.rpm
gcc-objc-4.1.2-46.el5_4.2.i386.rpm
gcc-objc++-4.1.2-46.el5_4.2.i386.rpm
libgcc-4.1.2-46.el5_4.2.i386.rpm
libgcj-4.1.2-46.el5_4.2.i386.rpm
libgcj-devel-4.1.2-46.el5_4.2.i386.rpm
libgcj-src-4.1.2-46.el5_4.2.i386.rpm
libgfortran-4.1.2-46.el5_4.2.i386.rpm
libgnat-4.1.2-46.el5_4.2.i386.rpm
libmudflap-4.1.2-46.el5_4.2.i386.rpm
libmudflap-devel-4.1.2-46.el5_4.2.i386.rpm
libobjc-4.1.2-46.el5_4.2.i386.rpm
libstdc++-4.1.2-46.el5_4.2.i386.rpm
libstdc++-devel-4.1.2-46.el5_4.2.i386.rpm
   Dependencies for SL 5.0, 5.1, 5.2 and 5.3:
gcc44-4.4.0-6.el5.i386.rpm
gcc44-c++-4.4.0-6.el5.i386.rpm
gcc44-gfortran-4.4.0-6.el5.i386.rpm
libgfortran44-4.4.0-6.el5.i386.rpm
libgomp-4.4.0-6.el5.i386.rpm
libstdc++44-devel-4.4.0-6.el5.i386.rpm

       x86_64:
cpp-4.1.2-46.el5_4.2.x86_64.rpm
gcc-4.1.2-46.el5_4.2.x86_64.rpm
gcc-c++-4.1.2-46.el5_4.2.x86_64.rpm
gcc-gfortran-4.1.2-46.el5_4.2.x86_64.rpm
gcc-gnat-4.1.2-46.el5_4.2.x86_64.rpm
gcc-java-4.1.2-46.el5_4.2.x86_64.rpm
gcc-objc-4.1.2-46.el5_4.2.x86_64.rpm
gcc-objc++-4.1.2-46.el5_4.2.x86_64.rpm
libgcc-4.1.2-46.el5_4.2.i386.rpm
libgcc-4.1.2-46.el5_4.2.x86_64.rpm
libgcj-4.1.2-46.el5_4.2.i386.rpm
libgcj-4.1.2-46.el5_4.2.x86_64.rpm
libgcj-devel-4.1.2-46.el5_4.2.i386.rpm
libgcj-devel-4.1.2-46.el5_4.2.x86_64.rpm
libgcj-src-4.1.2-46.el5_4.2.x86_64.rpm
libgfortran-4.1.2-46.el5_4.2.i386.rpm
libgfortran-4.1.2-46.el5_4.2.x86_64.rpm
libgnat-4.1.2-46.el5_4.2.i386.rpm
libgnat-4.1.2-46.el5_4.2.x86_64.rpm
libmudflap-4.1.2-46.el5_4.2.i386.rpm
libmudflap-4.1.2-46.el5_4.2.x86_64.rpm
libmudflap-devel-4.1.2-46.el5_4.2.i386.rpm
libmudflap-devel-4.1.2-46.el5_4.2.x86_64.rpm
libobjc-4.1.2-46.el5_4.2.i386.rpm
libobjc-4.1.2-46.el5_4.2.x86_64.rpm
libstdc++-4.1.2-46.el5_4.2.i386.rpm
libstdc++-4.1.2-46.el5_4.2.x86_64.rpm
libstdc++-devel-4.1.2-46.el5_4.2.i386.rpm
libstdc++-devel-4.1.2-46.el5_4.2.x86_64.rpm
   Dependencies for SL 5.0, 5.1, 5.2 and 5.3:
gcc44-4.4.0-6.el5.x86_64.rpm
gcc44-c++-4.4.0-6.el5.x86_64.rpm
gcc44-gfortran-4.4.0-6.el5.x86_64.rpm
libgfortran44-4.4.0-6.el5.i386.rpm
libgfortran44-4.4.0-6.el5.x86_64.rpm
libgomp-4.4.0-6.el5.i386.rpm
libgomp-4.4.0-6.el5.x86_64.rpm
libstdc++44-devel-4.4.0-6.el5.i386.rpm
libstdc++44-devel-4.4.0-6.el5.x86_64.rpm

-Connie Sieh
-Troy Dawson
