Explore top 10 tips to secure your open-source projects now. Read More
×
GNU Compiler Collection's (GCC) random number generation could be
made less random with specially crafted input.
Software Description:
- gcc-5: GNU C compiler
- gccgo-6: GNU Go compiler
Details:
Todd Eisenberger discovered that certain versions of GNU Compiler
Collection (GCC) could be made to clobber the status flag of RDRAND
and RDSEED with specially crafted input. This could potentially lead
to less randomness in random number generation.
The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: g++-5 5.4.0-6ubuntu1~16.04.12+esm2 gcc-5 5.4.0-6ubuntu1~16.04.12+esm2 gccgo-5 5.4.0-6ubuntu1~16.04.12+esm2 gccgo-6 6.0.1-0ubuntu1+esm1 gcj-5 5.4.0-6ubuntu1~16.04.12+esm2 gcj-5-jdk 5.4.0-6ubuntu1~16.04.12+esm2 gcj-5-jre-headless 5.4.0-6ubuntu1~16.04.12+esm2 gdc-5 5.4.0-6ubuntu1~16.04.12+esm2 gfortran-5 5.4.0-6ubuntu1~16.04.12+esm2 gnat-5 5.4.0-6ubuntu1~16.04.12+esm2 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-5770-1
CVE-2017-11671
Get the latest Linux and open source security news straight to your inbox.