# Security update for gcc7

Announcement ID: SUSE-SU-2023:3662-1  
Rating: important  
References:

  * bsc#1071995
  * bsc#1084842
  * bsc#1114592
  * bsc#1124644
  * bsc#1128794
  * bsc#1129389
  * bsc#1131264
  * bsc#1141897
  * bsc#1142649
  * bsc#1146475
  * bsc#1148517
  * bsc#1149145
  * bsc#1150164
  * bsc#1160086
  * bsc#1161913
  * bsc#1167939
  * bsc#1172798
  * bsc#1178577
  * bsc#1178614
  * bsc#1178624
  * bsc#1178675
  * bsc#1181618
  * bsc#1195517
  * bsc#1196861
  * bsc#1204505
  * bsc#1205145
  * bsc#1214052
  * jsc#SLE-12209
  * jsc#SLE-6738

  
Cross-References:

  * CVE-2019-14250
  * CVE-2019-15847
  * CVE-2020-13844
  * CVE-2023-4039

  
CVSS scores:

  * CVE-2019-14250 ( SUSE ):  5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
  * CVE-2019-14250 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2019-14250 ( NVD ):  5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
  * CVE-2019-15847 ( SUSE ):  6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  * CVE-2019-15847 ( NVD ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  * CVE-2019-15847 ( NVD ):  7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  * CVE-2020-13844 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  * CVE-2020-13844 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  * CVE-2023-4039 ( SUSE ):  8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-4039 ( NVD ):  4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

  
Affected Products:

  * SUSE Linux Enterprise High Performance Computing 12 SP2
  * SUSE Linux Enterprise High Performance Computing 12 SP3
  * SUSE Linux Enterprise High Performance Computing 12 SP4
  * SUSE Linux Enterprise High Performance Computing 12 SP5
  * SUSE Linux Enterprise Server 12
  * SUSE Linux Enterprise Server 12 SP1
  * SUSE Linux Enterprise Server 12 SP2
  * SUSE Linux Enterprise Server 12 SP3
  * SUSE Linux Enterprise Server 12 SP4
  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server for SAP Applications 12
  * SUSE Linux Enterprise Server for SAP Applications 12 SP1
  * SUSE Linux Enterprise Server for SAP Applications 12 SP2
  * SUSE Linux Enterprise Server for SAP Applications 12 SP3
  * SUSE Linux Enterprise Server for SAP Applications 12 SP4
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5
  * Toolchain Module 12

  
  
An update that solves four vulnerabilities, contains two features and has 23
security fixes can now be installed.

## Description:

This update for gcc7 fixes the following issues:

Security issues fixed:

  * CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64
    (bsc#1214052).
  * CVE-2019-15847: Fixed POWER9 DARN miscompilation. (bsc#1149145)
  * CVE-2019-14250: Includes fix for LTO linker plugin heap overflow.
    (bsc#1142649)

Update to GCC 7.5.0 release.

Other changes:

  * Fixed KASAN kernel compile. (bsc#1205145)
  * Fixed ICE with C++17 code. (bsc#1204505)
  * Fixed altivec.h redefining bool in C++ which makes bool unusable
    (bsc#1195517).
  * Adjust gnat's idea of the target, fixing the build of gprbuild. [bsc#1196861]
  * Do not handle exceptions in std::thread (jsc#CAR-1182)
  * Add -fpatchable-function-entry feature to gcc-7.
  * Fixed glibc namespace violation with getauxval. (bsc#1167939)
  * Backport aarch64 Straight Line Speculation mitigation [bsc#1172798,
    CVE-2020-13844]
  * Enable fortran for the nvptx offload compiler.
  * Update README.First-for.SuSE.packagers
  * Avoid assembler errors with AVX512 gather and scatter instructions when
    using -masm=intel.
  * Backport the aarch64 -moutline-atomics feature and accumulated fixes but not
    its default enabling. (jsc#SLE-12209, bsc#1167939)
  * Fixed memcpy miscompilation on aarch64. (bsc#1178624, bsc#1178577)
  * Fixed debug line info for try/catch. (bsc#1178614)
  * Fixed corruption of pass private ->aux via DF. (gcc#94148)
  * Fixed debug information issue with inlined functions and passed by reference
    arguments. [gcc#93888]
  * Fixed register allocation issue with exception handling code on s390x.
    (bsc#1161913)
  * Backport PR target/92692 to fix miscompilation of some atomic code on
    aarch64. (bsc#1150164)
  * Fixed miscompilation in vectorized code for s390x. (bsc#1160086) [gcc#92950]
  * Fixed miscompilation with thread-safe local static initialization.
    [gcc#85887]
  * Fixed debug info created for array definitions that complete an earlier
    declaration. [bsc#1146475]
  * Fixed vector shift miscompilation on s390. (bsc#1141897)
  * Add gcc7 -flive-patching patch. [bsc#1071995, fate#323487]
  * Strip -flto from $optflags.
  * Disables switch jump-tables when retpolines are used. (bsc#1131264,
    jsc#SLE-6738)
  * Fixed ICE compiling tensorflow on aarch64. (bsc#1129389)
  * Fixed aarch64 FMA steering pass use-after-free. (bsc#1128794)
  * Fixed ICE compiling tensorflow. (bsc#1129389)
  * Fixed s390x FP load-and-test issue. (bsc#1124644)
  * Adjust gnat manual entries in the info directory. (bsc#1114592)
  * Fixed to no longer try linking -lieee with -mieee-fp. (bsc#1084842)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * Toolchain Module 12  
    zypper in -t patch SUSE-SLE-Module-Toolchain-12-2023-3662=1

  * SUSE Linux Enterprise High Performance Computing 12 SP5  
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3662=1

  * SUSE Linux Enterprise Server 12 SP5  
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3662=1

  * SUSE Linux Enterprise Server for SAP Applications 12 SP5  
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3662=1

## Package List:

  * Toolchain Module 12 (aarch64 ppc64le s390x x86_64)
    * cpp7-7.5.0+r278197-13.1
    * cpp7-debuginfo-7.5.0+r278197-13.1
    * gcc7-locale-7.5.0+r278197-13.1
    * gcc7-debugsource-7.5.0+r278197-13.1
    * gcc7-c++-debuginfo-7.5.0+r278197-13.1
    * gcc7-7.5.0+r278197-13.1
    * libstdc++6-devel-gcc7-7.5.0+r278197-13.1
    * gcc7-c++-7.5.0+r278197-13.1
    * gcc7-fortran-debuginfo-7.5.0+r278197-13.1
    * gcc7-debuginfo-7.5.0+r278197-13.1
    * gcc7-fortran-7.5.0+r278197-13.1
  * Toolchain Module 12 (noarch)
    * gcc7-info-7.5.0+r278197-13.1
  * Toolchain Module 12 (s390x x86_64)
    * libstdc++6-devel-gcc7-32bit-7.5.0+r278197-13.1
    * gcc7-fortran-32bit-7.5.0+r278197-13.1
    * gcc7-32bit-7.5.0+r278197-13.1
    * gcc7-c++-32bit-7.5.0+r278197-13.1
  * Toolchain Module 12 (x86_64)
    * gcc7-ada-32bit-7.5.0+r278197-13.1
    * gcc7-ada-7.5.0+r278197-13.1
    * libada7-debuginfo-7.5.0+r278197-13.1
    * cross-nvptx-gcc7-7.5.0+r278197-13.1
    * gcc7-ada-debuginfo-7.5.0+r278197-13.1
    * libada7-32bit-debuginfo-7.5.0+r278197-13.1
    * cross-nvptx-newlib7-devel-7.5.0+r278197-13.1
    * libada7-7.5.0+r278197-13.1
    * libada7-32bit-7.5.0+r278197-13.1
  * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
    * libubsan0-debuginfo-7.5.0+r278197-13.1
    * libubsan0-7.5.0+r278197-13.1
    * gcc7-debugsource-7.5.0+r278197-13.1
    * libasan4-debuginfo-7.5.0+r278197-13.1
    * libgfortran4-7.5.0+r278197-13.1
    * libgfortran4-debuginfo-7.5.0+r278197-13.1
    * libasan4-7.5.0+r278197-13.1
    * gcc7-debuginfo-7.5.0+r278197-13.1
  * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
    * libcilkrts5-32bit-7.5.0+r278197-13.1
    * libcilkrts5-debuginfo-7.5.0+r278197-13.1
    * libcilkrts5-7.5.0+r278197-13.1
    * libubsan0-32bit-7.5.0+r278197-13.1
    * libgfortran4-32bit-7.5.0+r278197-13.1
    * libasan4-32bit-7.5.0+r278197-13.1
  * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
    * libubsan0-debuginfo-7.5.0+r278197-13.1
    * libubsan0-7.5.0+r278197-13.1
    * gcc7-debugsource-7.5.0+r278197-13.1
    * libasan4-debuginfo-7.5.0+r278197-13.1
    * libgfortran4-7.5.0+r278197-13.1
    * libgfortran4-debuginfo-7.5.0+r278197-13.1
    * libasan4-7.5.0+r278197-13.1
    * gcc7-debuginfo-7.5.0+r278197-13.1
  * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64)
    * libubsan0-32bit-7.5.0+r278197-13.1
    * libasan4-32bit-7.5.0+r278197-13.1
    * libgfortran4-32bit-7.5.0+r278197-13.1
  * SUSE Linux Enterprise Server 12 SP5 (x86_64)
    * libcilkrts5-32bit-7.5.0+r278197-13.1
    * libcilkrts5-7.5.0+r278197-13.1
    * libcilkrts5-debuginfo-7.5.0+r278197-13.1
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
    * libubsan0-debuginfo-7.5.0+r278197-13.1
    * libubsan0-7.5.0+r278197-13.1
    * gcc7-debugsource-7.5.0+r278197-13.1
    * libasan4-debuginfo-7.5.0+r278197-13.1
    * libgfortran4-7.5.0+r278197-13.1
    * libgfortran4-debuginfo-7.5.0+r278197-13.1
    * libasan4-7.5.0+r278197-13.1
    * gcc7-debuginfo-7.5.0+r278197-13.1
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
    * libcilkrts5-32bit-7.5.0+r278197-13.1
    * libcilkrts5-debuginfo-7.5.0+r278197-13.1
    * libcilkrts5-7.5.0+r278197-13.1
    * libubsan0-32bit-7.5.0+r278197-13.1
    * libgfortran4-32bit-7.5.0+r278197-13.1
    * libasan4-32bit-7.5.0+r278197-13.1

## References:

  * https://www.suse.com/security/cve/CVE-2019-14250.html
  * https://www.suse.com/security/cve/CVE-2019-15847.html
  * https://www.suse.com/security/cve/CVE-2020-13844.html
  * https://www.suse.com/security/cve/CVE-2023-4039.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1071995
  * https://bugzilla.suse.com/show_bug.cgi?id=1084842
  * https://bugzilla.suse.com/show_bug.cgi?id=1114592
  * https://bugzilla.suse.com/show_bug.cgi?id=1124644
  * https://bugzilla.suse.com/show_bug.cgi?id=1128794
  * https://bugzilla.suse.com/show_bug.cgi?id=1129389
  * https://bugzilla.suse.com/show_bug.cgi?id=1131264
  * https://bugzilla.suse.com/show_bug.cgi?id=1141897
  * https://bugzilla.suse.com/show_bug.cgi?id=1142649
  * https://bugzilla.suse.com/show_bug.cgi?id=1146475
  * https://bugzilla.suse.com/show_bug.cgi?id=1148517
  * https://bugzilla.suse.com/show_bug.cgi?id=1149145
  * https://bugzilla.suse.com/show_bug.cgi?id=1150164
  * https://bugzilla.suse.com/show_bug.cgi?id=1160086
  * https://bugzilla.suse.com/show_bug.cgi?id=1161913
  * https://bugzilla.suse.com/show_bug.cgi?id=1167939
  * https://bugzilla.suse.com/show_bug.cgi?id=1172798
  * https://bugzilla.suse.com/show_bug.cgi?id=1178577
  * https://bugzilla.suse.com/show_bug.cgi?id=1178614
  * https://bugzilla.suse.com/show_bug.cgi?id=1178624
  * https://bugzilla.suse.com/show_bug.cgi?id=1178675
  * https://bugzilla.suse.com/show_bug.cgi?id=1181618
  * https://bugzilla.suse.com/show_bug.cgi?id=1195517
  * https://bugzilla.suse.com/show_bug.cgi?id=1196861
  * https://bugzilla.suse.com/show_bug.cgi?id=1204505
  * https://bugzilla.suse.com/show_bug.cgi?id=1205145
  * https://bugzilla.suse.com/show_bug.cgi?id=1214052
  * https://jira.suse.com/login.jsp
  * https://jira.suse.com/login.jsp

SUSE: 2023:3662-1 important: gcc7

February 27, 2024