Ubuntu 5770-1: GCC vulnerability | LinuxSecurity.com
==========================================================================
Ubuntu Security Notice USN-5770-1
December 08, 2022

gcc-5, gccgo-6 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

GNU Compiler Collection's (GCC) random number generation could be
made less random with specially crafted input.

Software Description:
- gcc-5: GNU C compiler
- gccgo-6: GNU Go compiler

Details:

Todd Eisenberger discovered that certain versions of GNU Compiler
Collection (GCC) could be made to clobber the status flag of RDRAND
and RDSEED with specially crafted input. This could potentially lead
to less randomness in random number generation.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
g++-5 5.4.0-6ubuntu1~16.04.12+esm2
gcc-5 5.4.0-6ubuntu1~16.04.12+esm2
gccgo-5 5.4.0-6ubuntu1~16.04.12+esm2
gccgo-6 6.0.1-0ubuntu1+esm1
gcj-5 5.4.0-6ubuntu1~16.04.12+esm2
gcj-5-jdk 5.4.0-6ubuntu1~16.04.12+esm2
gcj-5-jre-headless 5.4.0-6ubuntu1~16.04.12+esm2
gdc-5 5.4.0-6ubuntu1~16.04.12+esm2
gfortran-5 5.4.0-6ubuntu1~16.04.12+esm2
gnat-5 5.4.0-6ubuntu1~16.04.12+esm2

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5770-1
CVE-2017-11671

Ubuntu 5770-1: GCC vulnerability

December 8, 2022
GNU Compiler Collection's (GCC) random number generation could be made less random with specially crafted input.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM Summary: GNU Compiler Collection's (GCC) random number generation could be made less random with specially crafted input. Software Description: - gcc-5: GNU C compiler - gccgo-6: GNU Go compiler Details: Todd Eisenberger discovered that certain versions of GNU Compiler Collection (GCC) could be made to clobber the status flag of RDRAND and RDSEED with specially crafted input. This could potentially lead to less randomness in random number generation.

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: g++-5 5.4.0-6ubuntu1~16.04.12+esm2 gcc-5 5.4.0-6ubuntu1~16.04.12+esm2 gccgo-5 5.4.0-6ubuntu1~16.04.12+esm2 gccgo-6 6.0.1-0ubuntu1+esm1 gcj-5 5.4.0-6ubuntu1~16.04.12+esm2 gcj-5-jdk 5.4.0-6ubuntu1~16.04.12+esm2 gcj-5-jre-headless 5.4.0-6ubuntu1~16.04.12+esm2 gdc-5 5.4.0-6ubuntu1~16.04.12+esm2 gfortran-5 5.4.0-6ubuntu1~16.04.12+esm2 gnat-5 5.4.0-6ubuntu1~16.04.12+esm2 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5770-1

CVE-2017-11671

Severity
Ubuntu Security Notice USN-5770-1

Package Information