Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

SUSE: 2020:0394-1 Moderate: Multiple Vulnerabilities in gcc9

suse
Calendar Grey February 18, 2020
Dist Suse Esm H88
The release addresses a pair of security flaws within gcc9, implementing an array of corrections that affect SUSE operating systems as well as cloud service platforms.
An update that solves two vulnerabilities and has 5 fixes is now available

Summary

This update for gcc9 fixes the following issues: The GNU Compiler Collection is shipped in version 9. A detailed changelog on what changed in GCC 9 is available at https://gcc.gnu.org/gcc-9/changes.html The compilers have been added to the SUSE Linux Enterprise Toolchain Module. To use these compilers, install e.g. gcc9, gcc9-c++ and build with CC=gcc-9 CXX=g++-9 set. For SUSE Linux Enterprise base products, the libstdc++6, libgcc_s1 and other compiler libraries have been switched from their gcc8 variants to their gcc9 variants. Security issues fixed: - CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145) - CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649) Non-security issues fixed:

Topics%20covered

Topics Covered

security advisory moderate heap overflow SUSE cloud computing miscompilation gcc9

References

#1114592 #1135254 #1141897 #1142649 #1142654

#1148517 #1149145

Cross- CVE-2019-14250 CVE-2019-15847

Affected Products:

SUSE OpenStack Cloud Crowbar 8

SUSE OpenStack Cloud 8

SUSE OpenStack Cloud 7

SUSE Linux Enterprise Server for SAP 12-SP3

SUSE Linux Enterprise Server for SAP 12-SP2

SUSE Linux Enterprise Server for SAP 12-SP1

SUSE Linux Enterprise Server 12-SP5

SUSE Linux Enterprise Server 12-SP4

SUSE Linux Enterprise Server 12-SP3-LTSS

SUSE Linux Enterprise Server 12-SP3-BCL

SUSE Linux Enterprise Server 12-SP2-LTSS

SUSE Linux Enterprise Server 12-SP2-BCL

SUSE Linux Enterprise Server 12-SP1-LTSS

SUSE Linux Enterprise Module for Toolchain 12

SUSE Enterprise Storage 5

...

Read the Full Advisory

Announcement ID: SUSE-SU-2020:0394-1
Rating: moderate

Topics%20covered

Topics Covered

security advisory moderate heap overflow SUSE cloud computing miscompilation gcc9

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here