Alerts This Week
Warning Icon 1 631
Alerts This Week
Warning Icon 1 631

Stay Secure with the Latest Linux Advisories

Debianlts Large Esm H800
Debian LTS

Debian LTS openssl Important Use-After-Free NULL Pointer Issues DLA-4624-1

Calendar White Jun 09, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 20.04 alsa-lib Important Denial of Service Fix USN-8044-2

Calendar White Jun 09, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 26.04 LTS node-shell-quote Important Denial of Service CVE-2026-9277

Calendar White Jun 09, 2026
Important
Mageia Large Esm H800
Mageia

Mageia 9 Suricata Critical Performance Security Issues MGASA-2026-0181

Calendar White Jun 09, 2026
Critical
Mageia Large Esm H900
Mageia

Mageia 9 PackageKit Important TOCTOU Race Escalation CVE-2026-41651

Calendar White Jun 09, 2026
Important
Mageia Large Esm H900
Mageia

Mageia 9 Unbound Critical Remote Code Execution Advisory 2026-0034

Calendar White Jun 09, 2026
Critical
Ubuntu Large Esm H800
Ubuntu

Ubuntu 26.04 LTS Netatalk Multiple Security Issues USN-8395-1

Calendar White Jun 09, 2026
Important
Fedora Large Esm H900
Fedora

Fedora 43 mingw-objfw 1.5.5 Update Security Fix FEDORA-2026-de23fedf3e

Calendar White Jun 08, 2026
Fedora Large Esm H900
Fedora

Fedora 43 objfw Important Update 1.5.5 Bug Fixes June 2026

Calendar White Jun 08, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":549,"type":"x","order":1,"pct":78.54,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.29,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.86,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.3,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -5 articles for you...
100
Ls Advisories Suse Esm H240
Price Tag 1security advisorySUSEimportant fix

SUSE: 2023:3662-1 Important: Gcc7 Stack Protector Security Update

* bsc#1071995 * bsc#1084842 * bsc#1114592 * bsc#1124644 * bsc#1128794 . # Security update for gcc7 Announcement ID: SUSE-SU-2023:3662-1 Rating: important References: * bsc#1071995 * bsc#1084842 * bsc#1114592 * bsc#1124644 * bsc#1128794 * bsc#1129389 * bsc#1131264 * bsc#1141897 * bsc#1142649 * bsc#1146475 * bsc#1148517 * bsc#1149145 * bsc#1150164 * bsc#1160086 * bsc#1161913 * bsc#1167939 * bsc#1172798 * bsc#1178577 * bsc#1178614 * bsc#1178624 * bsc#1178675 * bsc#1181618 * bsc#1195517 * bsc#1196861 * bsc#1204505 * bsc#1205145 * bsc#1214052 * jsc#SLE-12209 * jsc#SLE-6738 Cross-References: * CVE-2019-14250 * CVE-2019-15847 * CVE-2020-13844 * CVE-2023-4039 CVSS scores: * CVE-2019-14250 ( SUSE ): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2019-14250 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2019-14250 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2019-15847 ( SUSE ): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2019-15847 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2019-15847 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2020-13844 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2020-13844 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-4039 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-4039 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux EnterpriseServer for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * Toolchain Module 12 An update that solves four vulnerabilities, contains two features and has 23 security fixes can now be installed. ## Description: This update for gcc7 fixes the following issues: Security issues fixed: * CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). * CVE-2019-15847: Fixed POWER9 DARN miscompilation. (bsc#1149145) * CVE-2019-14250: Includes fix for LTO linker plugin heap overflow. (bsc#1142649) Update to GCC 7.5.0 release. Other changes: * Fixed KASAN kernel compile. (bsc#1205145) * Fixed ICE with C++17 code. (bsc#1204505) * Fixed altivec.h redefining bool in C++ which makes bool unusable (bsc#1195517): * Adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * Do not handle exceptions in std::thread (jsc#CAR-1182) * add -fpatchable-function-entry feature to gcc-7. * Fixed glibc namespace violation with getauxval. (bsc#1167939) * Backport aarch64 Straight Line Speculation mitigation [bsc#1172798, CVE-2020-13844] * Enable fortran for the nvptx offload compiler. * Update README.First-for.SuSE.packagers * Avoid assembler errors with AVX512 gather and scatter instructions when using -masm=intel. * Backport the aarch64 -moutline-atomics feature and accumulated fixes but not its default enabling. (jsc#SLE-12209, bsc#1167939) * Fixed memcpy miscompilation on aarch64. (bsc#1178624, bsc#1178577) * Fixed debug line info for try/catch. (bsc#1178614) * Fixed corruption of pass private -> aux via DF. (gcc#94148) * Fixed debug information issue with inlined functions and passed by reference arguments. [gcc#93888] * Fixed register allocation issue with exception handling code on s390x. (bsc#1161913) * Backport PR target/92692 to fixmiscompilation of some atomic code on aarch64. (bsc#1150164) * Fixed miscompilation in vectorized code for s390x. (bsc#1160086) [gcc#92950] * Fixed miscompilation with thread-safe local static initialization. [gcc#85887] * Fixed debug info created for array definitions that complete an earlier declaration. [bsc#1146475] * Fixed vector shift miscompilation on s390. (bsc#1141897) * Add gcc7 -flive-patching patch. [bsc#1071995, fate#323487] * Strip -flto from $optflags. * Disables switch jump-tables when retpolines are used. (bsc#1131264, jsc#SLE-6738) * Fixed ICE compiling tensorflow on aarch64. (bsc#1129389) * Fixed for aarch64 FMA steering pass use-after-free. (bsc#1128794) * Fixed ICE compiling tensorflow. (bsc#1129389) * Fixed s390x FP load-and-test issue. (bsc#1124644) * Adjust gnat manual entries in the info directory. (bsc#1114592) * Fixed to no longer try linking -lieee with -mieee-fp. (bsc#1084842) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Toolchain Module 12 zypper in -t patch SUSE-SLE-Module-Toolchain-12-2023-3662=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3662=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3662=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3662=1 ## Package List: * Toolchain Module 12 (aarch64 ppc64le s390x x86_64) * cpp7-7.5.0+r278197-13.1 * cpp7-debuginfo-7.5.0+r278197-13.1 * gcc7-locale-7.5.0+r278197-13.1 * gcc7-debugsource-7.5.0+r278197-13.1 * gcc7-c++-debuginfo-7.5.0+r278197-13.1 * gcc7-7.5.0+r278197-13.1 * libstdc++6-devel-gcc7-7.5.0+r278197-13.1 * gcc7-c++-7.5.0+r278197-13.1 * gcc7-fortran-debuginfo-7.5.0+r278197-13.1 * gcc7-debuginfo-7.5.0+r278197-13.1 * gcc7-fortran-7.5.0+r278197-13.1 * Toolchain Module 12(noarch) * gcc7-info-7.5.0+r278197-13.1 * Toolchain Module 12 (s390x x86_64) * libstdc++6-devel-gcc7-32bit-7.5.0+r278197-13.1 * gcc7-fortran-32bit-7.5.0+r278197-13.1 * gcc7-32bit-7.5.0+r278197-13.1 * gcc7-c++-32bit-7.5.0+r278197-13.1 * Toolchain Module 12 (x86_64) * gcc7-ada-32bit-7.5.0+r278197-13.1 * gcc7-ada-7.5.0+r278197-13.1 * libada7-debuginfo-7.5.0+r278197-13.1 * cross-nvptx-gcc7-7.5.0+r278197-13.1 * gcc7-ada-debuginfo-7.5.0+r278197-13.1 * libada7-32bit-debuginfo-7.5.0+r278197-13.1 * cross-nvptx-newlib7-devel-7.5.0+r278197-13.1 * libada7-7.5.0+r278197-13.1 * libada7-32bit-7.5.0+r278197-13.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libubsan0-debuginfo-7.5.0+r278197-13.1 * libubsan0-7.5.0+r278197-13.1 * gcc7-debugsource-7.5.0+r278197-13.1 * libasan4-debuginfo-7.5.0+r278197-13.1 * libgfortran4-7.5.0+r278197-13.1 * libgfortran4-debuginfo-7.5.0+r278197-13.1 * libasan4-7.5.0+r278197-13.1 * gcc7-debuginfo-7.5.0+r278197-13.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libcilkrts5-32bit-7.5.0+r278197-13.1 * libcilkrts5-debuginfo-7.5.0+r278197-13.1 * libcilkrts5-7.5.0+r278197-13.1 * libubsan0-32bit-7.5.0+r278197-13.1 * libgfortran4-32bit-7.5.0+r278197-13.1 * libasan4-32bit-7.5.0+r278197-13.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libubsan0-debuginfo-7.5.0+r278197-13.1 * libubsan0-7.5.0+r278197-13.1 * gcc7-debugsource-7.5.0+r278197-13.1 * libasan4-debuginfo-7.5.0+r278197-13.1 * libgfortran4-7.5.0+r278197-13.1 * libgfortran4-debuginfo-7.5.0+r278197-13.1 * libasan4-7.5.0+r278197-13.1 * gcc7-debuginfo-7.5.0+r278197-13.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libubsan0-32bit-7.5.0+r278197-13.1 * libasan4-32bit-7.5.0+r278197-13.1 * libgfortran4-32bit-7.5.0+r278197-13.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * libcilkrts5-32bit-7.5.0+r278197-13.1 * libcilkrts5-7.5.0+r278197-13.1 * libcilkrts5-debuginfo-7.5.0+r278197-13.1 * SUSE Linux Enterprise Server for SAPApplications 12 SP5 (ppc64le x86_64) * libubsan0-debuginfo-7.5.0+r278197-13.1 * libubsan0-7.5.0+r278197-13.1 * gcc7-debugsource-7.5.0+r278197-13.1 * libasan4-debuginfo-7.5.0+r278197-13.1 * libgfortran4-7.5.0+r278197-13.1 * libgfortran4-debuginfo-7.5.0+r278197-13.1 * libasan4-7.5.0+r278197-13.1 * gcc7-debuginfo-7.5.0+r278197-13.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libcilkrts5-32bit-7.5.0+r278197-13.1 * libcilkrts5-debuginfo-7.5.0+r278197-13.1 * libcilkrts5-7.5.0+r278197-13.1 * libubsan0-32bit-7.5.0+r278197-13.1 * libgfortran4-32bit-7.5.0+r278197-13.1 * libasan4-32bit-7.5.0+r278197-13.1 ## References: * https://www.suse.com/security/cve/CVE-2019-14250.html * https://www.suse.com/security/cve/CVE-2019-15847.html * https://www.suse.com/security/cve/CVE-2020-13844.html * https://www.suse.com/security/cve/CVE-2023-4039.html * https://bugzilla.suse.com/show_bug.cgi?id=1071995 * https://bugzilla.suse.com/show_bug.cgi?id=1084842 * https://bugzilla.suse.com/show_bug.cgi?id=1114592 * https://bugzilla.suse.com/show_bug.cgi?id=1124644 * https://bugzilla.suse.com/show_bug.cgi?id=1128794 * https://bugzilla.suse.com/show_bug.cgi?id=1129389 * https://bugzilla.suse.com/show_bug.cgi?id=1131264 * https://bugzilla.suse.com/show_bug.cgi?id=1141897 * https://bugzilla.suse.com/show_bug.cgi?id=1142649 * https://bugzilla.suse.com/show_bug.cgi?id=1146475 * https://bugzilla.suse.com/show_bug.cgi?id=1148517 * https://bugzilla.suse.com/show_bug.cgi?id=1149145 * https://bugzilla.suse.com/show_bug.cgi?id=1150164 * https://bugzilla.suse.com/show_bug.cgi?id=1160086 * https://bugzilla.suse.com/show_bug.cgi?id=1161913 * https://bugzilla.suse.com/show_bug.cgi?id=1167939 * https://bugzilla.suse.com/show_bug.cgi?id=1172798 * https://bugzilla.suse.com/show_bug.cgi?id=1178577 * https://bugzilla.suse.com/show_bug.cgi?id=1178614 * https://bugzilla.suse.com/show_bug.cgi?id=1178624 * https://bugzilla.suse.com/show_bug.cgi?id=1178675 *https://bugzilla.suse.com/show_bug.cgi?id=1181618 * https://bugzilla.suse.com/show_bug.cgi?id=1195517 * https://bugzilla.suse.com/show_bug.cgi?id=1196861 * https://bugzilla.suse.com/show_bug.cgi?id=1204505 * https://bugzilla.suse.com/show_bug.cgi?id=1205145 * https://bugzilla.suse.com/show_bug.cgi?id=1214052 * * . A significant gcc7 security patch for Fedora introduces numerous corrections, tackling various vulnerabilities, and improving overall system integrity.. SUSE Linux Update,GCC Security Fix,SUSE Security Patch,GCC Vulnerability Fix. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Feb 27, 2024 Important SuSE
202
Ls Advisories Opensuse Esm H240
Price Tag 1security advisorymoderatesecurity update

openSUSE 15.2: Security Update ID 2020:2301-1 Moderate: gcc7 DoS Mitigation

An update that solves one vulnerability and has 7 fixes is now available. . openSUSE Security Update: Security update for gcc7 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:2301-1 Rating: moderate References: #1150164 #1161913 #1167939 #1172798 #1178577 #1178614 #1178624 #1178675 Cross-References: CVE-2020-13844 Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________ An update that solves one vulnerability and has 7 fixes is now available. Description: This update for gcc7 fixes the following issues: - CVE-2020-13844: Added mitigation for aarch64 Straight Line Speculation issue (bsc#1172798) - Enable fortran for the nvptx offload compiler. - Update README.First-for.SuSE.packagers - avoid assembler errors with AVX512 gather and scatter instructions when using -masm=intel. - Backport the aarch64 -moutline-atomics feature and accumulated fixes but not its default enabling. [jsc#SLE-12209, bsc#1167939] - Fixed 32bit libgnat.so link. [bsc#1178675] - Fixed memcpy miscompilation on aarch64. [bsc#1178624, bsc#1178577] - Fixed debug line info for try/catch. [bsc#1178614] - Remove -mbranch-protection=standard (aarch64 flag) when gcc7 is used to build gcc7 (ie when ada is enabled) - Fixed corruption of pass private -> aux via DF. [gcc#94148] - Fixed debug information issue with inlined functions and passed by reference arguments. [gcc#93888] - Fixed binutils release date detection issue. - Fixed register allocation issue with exception handling code on s390x. [bsc#1161913] - Fixed miscompilation of some atomic code on aarch64. [bsc#1150164] This update was imported from the SUSE:SLE-15:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSErecommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2020-2301=1 Package List: - openSUSE Leap 15.2 (i586 x86_64): cpp7-7.5.0+r278197-lp152.3.3.1 cpp7-debuginfo-7.5.0+r278197-lp152.3.3.1 gcc7-7.5.0+r278197-lp152.3.3.1 gcc7-ada-7.5.0+r278197-lp152.3.3.1 gcc7-ada-debuginfo-7.5.0+r278197-lp152.3.3.1 gcc7-c++-7.5.0+r278197-lp152.3.3.1 gcc7-c++-debuginfo-7.5.0+r278197-lp152.3.3.1 gcc7-debuginfo-7.5.0+r278197-lp152.3.3.1 gcc7-debugsource-7.5.0+r278197-lp152.3.3.1 gcc7-fortran-7.5.0+r278197-lp152.3.3.1 gcc7-fortran-debuginfo-7.5.0+r278197-lp152.3.3.1 gcc7-go-7.5.0+r278197-lp152.3.3.1 gcc7-go-debuginfo-7.5.0+r278197-lp152.3.3.1 gcc7-locale-7.5.0+r278197-lp152.3.3.1 gcc7-obj-c++-7.5.0+r278197-lp152.3.3.1 gcc7-obj-c++-debuginfo-7.5.0+r278197-lp152.3.3.1 gcc7-objc-7.5.0+r278197-lp152.3.3.1 gcc7-objc-debuginfo-7.5.0+r278197-lp152.3.3.1 libada7-7.5.0+r278197-lp152.3.3.1 libada7-debuginfo-7.5.0+r278197-lp152.3.3.1 libasan4-7.5.0+r278197-lp152.3.3.1 libasan4-debuginfo-7.5.0+r278197-lp152.3.3.1 libcilkrts5-7.5.0+r278197-lp152.3.3.1 libcilkrts5-debuginfo-7.5.0+r278197-lp152.3.3.1 libgfortran4-7.5.0+r278197-lp152.3.3.1 libgfortran4-debuginfo-7.5.0+r278197-lp152.3.3.1 libgo11-7.5.0+r278197-lp152.3.3.1 libgo11-debuginfo-7.5.0+r278197-lp152.3.3.1 libstdc++6-devel-gcc7-7.5.0+r278197-lp152.3.3.1 libubsan0-7.5.0+r278197-lp152.3.3.1 libubsan0-debuginfo-7.5.0+r278197-lp152.3.3.1 - openSUSE Leap 15.2 (noarch): gcc7-info-7.5.0+r278197-lp152.3.3.1 - openSUSE Leap 15.2 (x86_64): gcc7-32bit-7.5.0+r278197-lp152.3.3.1 gcc7-ada-32bit-7.5.0+r278197-lp152.3.3.1 gcc7-c++-32bit-7.5.0+r278197-lp152.3.3.1 gcc7-fortran-32bit-7.5.0+r278197-lp152.3.3.1 gcc7-go-32bit-7.5.0+r278197-lp152.3.3.1 gcc7-obj-c++-32bit-7.5.0+r278197-lp152.3.3.1 gcc7-objc-32bit-7.5.0+r278197-lp152.3.3.1 libada7-32bit-7.5.0+r278197-lp152.3.3.1 libada7-32bit-debuginfo-7.5.0+r278197-lp152.3.3.1 libasan4-32bit-7.5.0+r278197-lp152.3.3.1 libasan4-32bit-debuginfo-7.5.0+r278197-lp152.3.3.1 libcilkrts5-32bit-7.5.0+r278197-lp152.3.3.1 libcilkrts5-32bit-debuginfo-7.5.0+r278197-lp152.3.3.1 libgfortran4-32bit-7.5.0+r278197-lp152.3.3.1 libgfortran4-32bit-debuginfo-7.5.0+r278197-lp152.3.3.1 libgo11-32bit-7.5.0+r278197-lp152.3.3.1 libgo11-32bit-debuginfo-7.5.0+r278197-lp152.3.3.1 libstdc++6-devel-gcc7-32bit-7.5.0+r278197-lp152.3.3.1 libubsan0-32bit-7.5.0+r278197-lp152.3.3.1 libubsan0-32bit-debuginfo-7.5.0+r278197-lp152.3.3.1 References: https://www.suse.com/security/cve/CVE-2020-13844.html https://bugzilla.suse.com/1150164 https://bugzilla.suse.com/1161913 https://bugzilla.suse.com/1167939 https://bugzilla.suse.com/1172798 https://bugzilla.suse.com/1178577 https://bugzilla.suse.com/1178614 https://bugzilla.suse.com/1178624 https://bugzilla.suse.com/1178675 _______________________________________________ openSUSE Security Announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe, email This email address is being protected from spambots. You need JavaScript enabled to view it. List Netiquette: List Archives: . A recent update for openSUSE has been released for gcc7, rectifying a moderately severe vulnerability, along with several patches now ready for deployment.. openSUSE Security Update,gcc7 fix,compiler security patch,moderate threat. . LinuxSecurity.com Team

Calendar 2 Dec 20, 2020 OpenSUSE
Banner 2 1028x280 1708121730 1 1771599631
100
Ls Advisories Suse Esm H240
Price Tag 1security advisorymoderateupdate

SUSE: 2020:3749-1 Moderate: Mitigation for aarch64 Speculation

An update that solves one vulnerability, contains one feature and has 7 fixes is now available. . SUSE Security Update: Security update for gcc7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3749-1 Rating: moderate References: #1150164 #1161913 #1167939 #1172798 #1178577 #1178614 #1178624 #1178675 SLE-12209 Cross-References: CVE-2020-13844 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that solves one vulnerability, contains one feature and has 7 fixes is now available. Description: This update for gcc7 fixes the following issues: - CVE-2020-13844: Added mitigation for aarch64 Straight Line Speculation issue (bsc#1172798) - Enable fortran for the nvptx offload compiler. - Update README.First-for.SuSE.packagers - avoid assembler errors with AVX512 gather and scatter instructions when using -masm=intel. - Backport the aarch64 -moutline-atomics feature and accumulated fixes but not its default enabling. [jsc#SLE-12209, bsc#1167939] - Fixed 32bit libgnat.so link. [bsc#1178675] - Fixed memcpy miscompilation on aarch64. [bsc#1178624, bsc#1178577] - Fixed debug line info for try/catch. [bsc#1178614] - Remove -mbranch-protection=standard (aarch64 flag) when gcc7 is used to build gcc7 (ie when ada is enabled) - Fixed corruption of pass private -> aux via DF. [gcc#94148] - Fixed debug information issue with inlined functions and passed by reference arguments. [gcc#93888] - Fixed binutils release date detection issue. - Fixed register allocation issue with exception handling code on s390x. [bsc#1161913] - Fixed miscompilation of some atomic code on aarch64. [bsc#1150164] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-3749=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-3749=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2020-3749=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-3749=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-3749=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2020-3749=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3749=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-3749=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-3749=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patchSUSE-SLE-Product-HPC-15-2020-3749=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): cpp7-7.5.0+r278197-4.19.2 cpp7-debuginfo-7.5.0+r278197-4.19.2 gcc7-7.5.0+r278197-4.19.2 gcc7-ada-7.5.0+r278197-4.19.2 gcc7-ada-debuginfo-7.5.0+r278197-4.19.2 gcc7-c++-7.5.0+r278197-4.19.2 gcc7-c++-debuginfo-7.5.0+r278197-4.19.2 gcc7-debuginfo-7.5.0+r278197-4.19.2 gcc7-debugsource-7.5.0+r278197-4.19.2 gcc7-fortran-7.5.0+r278197-4.19.2 gcc7-fortran-debuginfo-7.5.0+r278197-4.19.2 gcc7-locale-7.5.0+r278197-4.19.2 gcc7-objc-7.5.0+r278197-4.19.2 gcc7-objc-debuginfo-7.5.0+r278197-4.19.2 libada7-7.5.0+r278197-4.19.2 libada7-debuginfo-7.5.0+r278197-4.19.2 libasan4-7.5.0+r278197-4.19.2 libasan4-debuginfo-7.5.0+r278197-4.19.2 libgfortran4-7.5.0+r278197-4.19.2 libgfortran4-debuginfo-7.5.0+r278197-4.19.2 libstdc++6-devel-gcc7-7.5.0+r278197-4.19.2 libubsan0-7.5.0+r278197-4.19.2 libubsan0-debuginfo-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise Server for SAP 15 (noarch): gcc7-info-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise Server for SAP 15 (x86_64): cross-nvptx-gcc7-7.5.0+r278197-4.19.2 cross-nvptx-newlib7-devel-7.5.0+r278197-4.19.2 gcc7-32bit-7.5.0+r278197-4.19.2 gcc7-c++-32bit-7.5.0+r278197-4.19.2 gcc7-fortran-32bit-7.5.0+r278197-4.19.2 libasan4-32bit-7.5.0+r278197-4.19.2 libasan4-32bit-debuginfo-7.5.0+r278197-4.19.2 libcilkrts5-32bit-7.5.0+r278197-4.19.2 libcilkrts5-32bit-debuginfo-7.5.0+r278197-4.19.2 libcilkrts5-7.5.0+r278197-4.19.2 libcilkrts5-debuginfo-7.5.0+r278197-4.19.2 libgfortran4-32bit-7.5.0+r278197-4.19.2 libgfortran4-32bit-debuginfo-7.5.0+r278197-4.19.2 libstdc++6-devel-gcc7-32bit-7.5.0+r278197-4.19.2 libubsan0-32bit-7.5.0+r278197-4.19.2 libubsan0-32bit-debuginfo-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): cpp7-7.5.0+r278197-4.19.2 cpp7-debuginfo-7.5.0+r278197-4.19.2 gcc7-7.5.0+r278197-4.19.2 gcc7-ada-7.5.0+r278197-4.19.2 gcc7-ada-debuginfo-7.5.0+r278197-4.19.2 gcc7-c++-7.5.0+r278197-4.19.2 gcc7-c++-debuginfo-7.5.0+r278197-4.19.2 gcc7-debuginfo-7.5.0+r278197-4.19.2 gcc7-debugsource-7.5.0+r278197-4.19.2 gcc7-fortran-7.5.0+r278197-4.19.2 gcc7-fortran-debuginfo-7.5.0+r278197-4.19.2 gcc7-locale-7.5.0+r278197-4.19.2 gcc7-objc-7.5.0+r278197-4.19.2 gcc7-objc-debuginfo-7.5.0+r278197-4.19.2 libada7-7.5.0+r278197-4.19.2 libada7-debuginfo-7.5.0+r278197-4.19.2 libasan4-7.5.0+r278197-4.19.2 libasan4-debuginfo-7.5.0+r278197-4.19.2 libgfortran4-7.5.0+r278197-4.19.2 libgfortran4-debuginfo-7.5.0+r278197-4.19.2 libstdc++6-devel-gcc7-7.5.0+r278197-4.19.2 libubsan0-7.5.0+r278197-4.19.2 libubsan0-debuginfo-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise Server 15-LTSS (noarch): gcc7-info-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): gcc7-ada-7.5.0+r278197-4.19.2 gcc7-ada-debuginfo-7.5.0+r278197-4.19.2 gcc7-debuginfo-7.5.0+r278197-4.19.2 gcc7-debugsource-7.5.0+r278197-4.19.2 gcc7-locale-7.5.0+r278197-4.19.2 gcc7-objc-7.5.0+r278197-4.19.2 gcc7-objc-debuginfo-7.5.0+r278197-4.19.2 libada7-7.5.0+r278197-4.19.2 libada7-debuginfo-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): gcc7-info-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (x86_64): cross-nvptx-gcc7-7.5.0+r278197-4.19.2 cross-nvptx-newlib7-devel-7.5.0+r278197-4.19.2 gcc7-32bit-7.5.0+r278197-4.19.2 gcc7-c++-32bit-7.5.0+r278197-4.19.2 gcc7-fortran-32bit-7.5.0+r278197-4.19.2 libasan4-32bit-7.5.0+r278197-4.19.2 libasan4-32bit-debuginfo-7.5.0+r278197-4.19.2 libcilkrts5-32bit-7.5.0+r278197-4.19.2 libcilkrts5-32bit-debuginfo-7.5.0+r278197-4.19.2 libstdc++6-devel-gcc7-32bit-7.5.0+r278197-4.19.2 libubsan0-32bit-7.5.0+r278197-4.19.2 libubsan0-32bit-debuginfo-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): gcc7-ada-7.5.0+r278197-4.19.2 gcc7-ada-debuginfo-7.5.0+r278197-4.19.2 gcc7-debuginfo-7.5.0+r278197-4.19.2 gcc7-debugsource-7.5.0+r278197-4.19.2 gcc7-locale-7.5.0+r278197-4.19.2 gcc7-objc-7.5.0+r278197-4.19.2 gcc7-objc-debuginfo-7.5.0+r278197-4.19.2 libada7-7.5.0+r278197-4.19.2 libada7-debuginfo-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (x86_64): cross-nvptx-gcc7-7.5.0+r278197-4.19.2 cross-nvptx-newlib7-devel-7.5.0+r278197-4.19.2 gcc7-32bit-7.5.0+r278197-4.19.2 gcc7-c++-32bit-7.5.0+r278197-4.19.2 gcc7-fortran-32bit-7.5.0+r278197-4.19.2 libasan4-32bit-7.5.0+r278197-4.19.2 libasan4-32bit-debuginfo-7.5.0+r278197-4.19.2 libcilkrts5-32bit-7.5.0+r278197-4.19.2 libcilkrts5-32bit-debuginfo-7.5.0+r278197-4.19.2 libstdc++6-devel-gcc7-32bit-7.5.0+r278197-4.19.2 libubsan0-32bit-7.5.0+r278197-4.19.2 libubsan0-32bit-debuginfo-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch): gcc7-info-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): gcc7-ada-7.5.0+r278197-4.19.2 gcc7-ada-debuginfo-7.5.0+r278197-4.19.2 gcc7-debuginfo-7.5.0+r278197-4.19.2 gcc7-debugsource-7.5.0+r278197-4.19.2 gcc7-locale-7.5.0+r278197-4.19.2 gcc7-objc-7.5.0+r278197-4.19.2 gcc7-objc-debuginfo-7.5.0+r278197-4.19.2 libada7-7.5.0+r278197-4.19.2 libada7-debuginfo-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (x86_64): cross-nvptx-gcc7-7.5.0+r278197-4.19.2 cross-nvptx-newlib7-devel-7.5.0+r278197-4.19.2 gcc7-32bit-7.5.0+r278197-4.19.2 gcc7-c++-32bit-7.5.0+r278197-4.19.2 gcc7-fortran-32bit-7.5.0+r278197-4.19.2 libasan4-32bit-7.5.0+r278197-4.19.2 libasan4-32bit-debuginfo-7.5.0+r278197-4.19.2 libcilkrts5-32bit-7.5.0+r278197-4.19.2 libcilkrts5-32bit-debuginfo-7.5.0+r278197-4.19.2 libstdc++6-devel-gcc7-32bit-7.5.0+r278197-4.19.2 libubsan0-32bit-7.5.0+r278197-4.19.2 libubsan0-32bit-debuginfo-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch): gcc7-info-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): cpp7-7.5.0+r278197-4.19.2 cpp7-debuginfo-7.5.0+r278197-4.19.2 gcc7-7.5.0+r278197-4.19.2 gcc7-c++-7.5.0+r278197-4.19.2 gcc7-c++-debuginfo-7.5.0+r278197-4.19.2 gcc7-debuginfo-7.5.0+r278197-4.19.2 gcc7-debugsource-7.5.0+r278197-4.19.2 gcc7-fortran-7.5.0+r278197-4.19.2 gcc7-fortran-debuginfo-7.5.0+r278197-4.19.2 libasan4-7.5.0+r278197-4.19.2 libasan4-debuginfo-7.5.0+r278197-4.19.2 libgfortran4-7.5.0+r278197-4.19.2 libgfortran4-debuginfo-7.5.0+r278197-4.19.2 libstdc++6-devel-gcc7-7.5.0+r278197-4.19.2 libubsan0-7.5.0+r278197-4.19.2 libubsan0-debuginfo-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libcilkrts5-7.5.0+r278197-4.19.2 libcilkrts5-debuginfo-7.5.0+r278197-4.19.2 libgfortran4-32bit-7.5.0+r278197-4.19.2 libgfortran4-32bit-debuginfo-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): cpp7-7.5.0+r278197-4.19.2 cpp7-debuginfo-7.5.0+r278197-4.19.2 gcc7-7.5.0+r278197-4.19.2 gcc7-c++-7.5.0+r278197-4.19.2 gcc7-c++-debuginfo-7.5.0+r278197-4.19.2 gcc7-debuginfo-7.5.0+r278197-4.19.2 gcc7-debugsource-7.5.0+r278197-4.19.2 gcc7-fortran-7.5.0+r278197-4.19.2 gcc7-fortran-debuginfo-7.5.0+r278197-4.19.2 libasan4-7.5.0+r278197-4.19.2 libasan4-debuginfo-7.5.0+r278197-4.19.2 libgfortran4-7.5.0+r278197-4.19.2 libgfortran4-debuginfo-7.5.0+r278197-4.19.2 libstdc++6-devel-gcc7-7.5.0+r278197-4.19.2 libubsan0-7.5.0+r278197-4.19.2 libubsan0-debuginfo-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libcilkrts5-7.5.0+r278197-4.19.2 libcilkrts5-debuginfo-7.5.0+r278197-4.19.2 libgfortran4-32bit-7.5.0+r278197-4.19.2 libgfortran4-32bit-debuginfo-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): cpp7-7.5.0+r278197-4.19.2 cpp7-debuginfo-7.5.0+r278197-4.19.2 gcc7-7.5.0+r278197-4.19.2 gcc7-c++-7.5.0+r278197-4.19.2 gcc7-c++-debuginfo-7.5.0+r278197-4.19.2 gcc7-debuginfo-7.5.0+r278197-4.19.2 gcc7-debugsource-7.5.0+r278197-4.19.2 gcc7-fortran-7.5.0+r278197-4.19.2 gcc7-fortran-debuginfo-7.5.0+r278197-4.19.2 libasan4-7.5.0+r278197-4.19.2 libasan4-debuginfo-7.5.0+r278197-4.19.2 libgfortran4-7.5.0+r278197-4.19.2 libgfortran4-debuginfo-7.5.0+r278197-4.19.2 libstdc++6-devel-gcc7-7.5.0+r278197-4.19.2 libubsan0-7.5.0+r278197-4.19.2 libubsan0-debuginfo-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libcilkrts5-7.5.0+r278197-4.19.2 libcilkrts5-debuginfo-7.5.0+r278197-4.19.2 libgfortran4-32bit-7.5.0+r278197-4.19.2 libgfortran4-32bit-debuginfo-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): cpp7-7.5.0+r278197-4.19.2 cpp7-debuginfo-7.5.0+r278197-4.19.2 gcc7-7.5.0+r278197-4.19.2 gcc7-ada-7.5.0+r278197-4.19.2 gcc7-ada-debuginfo-7.5.0+r278197-4.19.2 gcc7-c++-7.5.0+r278197-4.19.2 gcc7-c++-debuginfo-7.5.0+r278197-4.19.2 gcc7-debuginfo-7.5.0+r278197-4.19.2 gcc7-debugsource-7.5.0+r278197-4.19.2 gcc7-fortran-7.5.0+r278197-4.19.2 gcc7-fortran-debuginfo-7.5.0+r278197-4.19.2 gcc7-locale-7.5.0+r278197-4.19.2 gcc7-objc-7.5.0+r278197-4.19.2 gcc7-objc-debuginfo-7.5.0+r278197-4.19.2 libada7-7.5.0+r278197-4.19.2 libada7-debuginfo-7.5.0+r278197-4.19.2 libasan4-7.5.0+r278197-4.19.2 libasan4-debuginfo-7.5.0+r278197-4.19.2 libgfortran4-7.5.0+r278197-4.19.2 libgfortran4-debuginfo-7.5.0+r278197-4.19.2 libstdc++6-devel-gcc7-7.5.0+r278197-4.19.2 libubsan0-7.5.0+r278197-4.19.2 libubsan0-debuginfo-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): cross-nvptx-gcc7-7.5.0+r278197-4.19.2 cross-nvptx-newlib7-devel-7.5.0+r278197-4.19.2 gcc7-32bit-7.5.0+r278197-4.19.2 gcc7-c++-32bit-7.5.0+r278197-4.19.2 gcc7-fortran-32bit-7.5.0+r278197-4.19.2 libasan4-32bit-7.5.0+r278197-4.19.2 libasan4-32bit-debuginfo-7.5.0+r278197-4.19.2 libcilkrts5-32bit-7.5.0+r278197-4.19.2 libcilkrts5-32bit-debuginfo-7.5.0+r278197-4.19.2 libcilkrts5-7.5.0+r278197-4.19.2 libcilkrts5-debuginfo-7.5.0+r278197-4.19.2 libgfortran4-32bit-7.5.0+r278197-4.19.2 libgfortran4-32bit-debuginfo-7.5.0+r278197-4.19.2 libstdc++6-devel-gcc7-32bit-7.5.0+r278197-4.19.2 libubsan0-32bit-7.5.0+r278197-4.19.2 libubsan0-32bit-debuginfo-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): gcc7-info-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): cpp7-7.5.0+r278197-4.19.2 cpp7-debuginfo-7.5.0+r278197-4.19.2 gcc7-7.5.0+r278197-4.19.2 gcc7-ada-7.5.0+r278197-4.19.2 gcc7-ada-debuginfo-7.5.0+r278197-4.19.2 gcc7-c++-7.5.0+r278197-4.19.2 gcc7-c++-debuginfo-7.5.0+r278197-4.19.2 gcc7-debuginfo-7.5.0+r278197-4.19.2 gcc7-debugsource-7.5.0+r278197-4.19.2 gcc7-fortran-7.5.0+r278197-4.19.2 gcc7-fortran-debuginfo-7.5.0+r278197-4.19.2 gcc7-locale-7.5.0+r278197-4.19.2 gcc7-objc-7.5.0+r278197-4.19.2 gcc7-objc-debuginfo-7.5.0+r278197-4.19.2 libada7-7.5.0+r278197-4.19.2 libada7-debuginfo-7.5.0+r278197-4.19.2 libasan4-7.5.0+r278197-4.19.2 libasan4-debuginfo-7.5.0+r278197-4.19.2 libgfortran4-7.5.0+r278197-4.19.2 libgfortran4-debuginfo-7.5.0+r278197-4.19.2 libstdc++6-devel-gcc7-7.5.0+r278197-4.19.2 libubsan0-7.5.0+r278197-4.19.2 libubsan0-debuginfo-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): cross-nvptx-gcc7-7.5.0+r278197-4.19.2 cross-nvptx-newlib7-devel-7.5.0+r278197-4.19.2 gcc7-32bit-7.5.0+r278197-4.19.2 gcc7-c++-32bit-7.5.0+r278197-4.19.2 gcc7-fortran-32bit-7.5.0+r278197-4.19.2 libasan4-32bit-7.5.0+r278197-4.19.2 libasan4-32bit-debuginfo-7.5.0+r278197-4.19.2 libcilkrts5-32bit-7.5.0+r278197-4.19.2 libcilkrts5-32bit-debuginfo-7.5.0+r278197-4.19.2 libcilkrts5-7.5.0+r278197-4.19.2 libcilkrts5-debuginfo-7.5.0+r278197-4.19.2 libgfortran4-32bit-7.5.0+r278197-4.19.2 libgfortran4-32bit-debuginfo-7.5.0+r278197-4.19.2 libstdc++6-devel-gcc7-32bit-7.5.0+r278197-4.19.2 libubsan0-32bit-7.5.0+r278197-4.19.2 libubsan0-32bit-debuginfo-7.5.0+r278197-4.19.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): gcc7-info-7.5.0+r278197-4.19.2 References: https://www.suse.com/security/cve/CVE-2020-13844.html https://bugzilla.suse.com/1150164 https://bugzilla.suse.com/1161913 https://bugzilla.suse.com/1167939 https://bugzilla.suse.com/1172798 https://bugzilla.suse.com/1178577 https://bugzilla.suse.com/1178614 https://bugzilla.suse.com/1178624 https://bugzilla.suse.com/1178675 . SUSE has released a security update for gcc7, whichtackles a single vulnerability and includes seven important corrections categorized with moderate severity.. SUSE Linux, gcc7 Fix, Security Update. . LinuxSecurity.com Team

Calendar 2 Dec 10, 2020 SuSE
202
Ls Advisories Opensuse Esm H240
Price Tag 1security advisorymoderatesecurity fix

openSUSE: 2019:2365-1 Moderate: gcc7 Integer Overflow Fix

An update that solves two vulnerabilities and has three fixes is now available.. openSUSE Security Update: Security update for gcc7 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2019:2365-1 Rating: moderate References: #1071995 #1141897 #1142649 #1148517 #1149145 Cross-References: CVE-2019-14250 CVE-2019-15847 Affected Products: openSUSE Leap 15.0 ______________________________________________________________________________ An update that solves two vulnerabilities and has three fixes is now available. Description: This update for gcc7 to r275405 fixes the following issues: Security issues fixed: - CVE-2019-14250: Fixed an integer overflow in binutils (bsc#1142649). - CVE-2019-15847: Fixed an optimization in the POWER9 backend of gcc that could reduce the entropy of the random number generator (bsc#1149145). Non-security issue fixed: - Move Live Patching technology stack from kGraft to upstream klp (bsc#1071995, fate#323487). This update was imported from the SUSE:SLE-15:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.0: zypper in -t patch openSUSE-2019-2365=1 Package List: - openSUSE Leap 15.0 (i586 x86_64): cpp7-7.4.1+r275405-lp150.12.1 cpp7-debuginfo-7.4.1+r275405-lp150.12.1 gcc7-7.4.1+r275405-lp150.12.1 gcc7-ada-7.4.1+r275405-lp150.12.1 gcc7-ada-debuginfo-7.4.1+r275405-lp150.12.1 gcc7-c++-7.4.1+r275405-lp150.12.1 gcc7-c++-debuginfo-7.4.1+r275405-lp150.12.1 gcc7-debuginfo-7.4.1+r275405-lp150.12.1 gcc7-debugsource-7.4.1+r275405-lp150.12.1 gcc7-fortran-7.4.1+r275405-lp150.12.1 gcc7-fortran-debuginfo-7.4.1+r275405-lp150.12.1 gcc7-go-7.4.1+r275405-lp150.12.1 gcc7-go-debuginfo-7.4.1+r275405-lp150.12.1 gcc7-locale-7.4.1+r275405-lp150.12.1 gcc7-obj-c++-7.4.1+r275405-lp150.12.1 gcc7-obj-c++-debuginfo-7.4.1+r275405-lp150.12.1 gcc7-objc-7.4.1+r275405-lp150.12.1 gcc7-objc-debuginfo-7.4.1+r275405-lp150.12.1 libada7-7.4.1+r275405-lp150.12.1 libada7-debuginfo-7.4.1+r275405-lp150.12.1 libasan4-7.4.1+r275405-lp150.12.1 libasan4-debuginfo-7.4.1+r275405-lp150.12.1 libcilkrts5-7.4.1+r275405-lp150.12.1 libcilkrts5-debuginfo-7.4.1+r275405-lp150.12.1 libgfortran4-7.4.1+r275405-lp150.12.1 libgfortran4-debuginfo-7.4.1+r275405-lp150.12.1 libgo11-7.4.1+r275405-lp150.12.1 libgo11-debuginfo-7.4.1+r275405-lp150.12.1 libobjc4-7.4.1+r275405-lp150.12.1 libobjc4-debuginfo-7.4.1+r275405-lp150.12.1 libstdc++6-devel-gcc7-7.4.1+r275405-lp150.12.1 libubsan0-7.4.1+r275405-lp150.12.1 libubsan0-debuginfo-7.4.1+r275405-lp150.12.1 - openSUSE Leap 15.0 (x86_64): gcc7-32bit-7.4.1+r275405-lp150.12.1 gcc7-ada-32bit-7.4.1+r275405-lp150.12.1 gcc7-c++-32bit-7.4.1+r275405-lp150.12.1 gcc7-fortran-32bit-7.4.1+r275405-lp150.12.1 gcc7-go-32bit-7.4.1+r275405-lp150.12.1 gcc7-obj-c++-32bit-7.4.1+r275405-lp150.12.1 gcc7-objc-32bit-7.4.1+r275405-lp150.12.1 libada7-32bit-7.4.1+r275405-lp150.12.1 libada7-32bit-debuginfo-7.4.1+r275405-lp150.12.1 libasan4-32bit-7.4.1+r275405-lp150.12.1 libasan4-32bit-debuginfo-7.4.1+r275405-lp150.12.1 libcilkrts5-32bit-7.4.1+r275405-lp150.12.1 libcilkrts5-32bit-debuginfo-7.4.1+r275405-lp150.12.1 libgfortran4-32bit-7.4.1+r275405-lp150.12.1 libgfortran4-32bit-debuginfo-7.4.1+r275405-lp150.12.1 libgo11-32bit-7.4.1+r275405-lp150.12.1 libgo11-32bit-debuginfo-7.4.1+r275405-lp150.12.1 libobjc4-32bit-7.4.1+r275405-lp150.12.1 libobjc4-32bit-debuginfo-7.4.1+r275405-lp150.12.1 libstdc++6-devel-gcc7-32bit-7.4.1+r275405-lp150.12.1 libubsan0-32bit-7.4.1+r275405-lp150.12.1 libubsan0-32bit-debuginfo-7.4.1+r275405-lp150.12.1 - openSUSE Leap 15.0 (noarch): gcc7-info-7.4.1+r275405-lp150.12.1 References: https://www.suse.com/security/cve/CVE-2019-14250.html https://www.suse.com/security/cve/CVE-2019-15847.html https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1141897 https://bugzilla.suse.com/1142649 https://bugzilla.suse.com/1148517 https://bugzilla.suse.com/1149145 -- . openSUSE gcc7 security patch resolves a pair of issues rated as moderate severity, incorporating numerous fixes.. openSUSE Security Update, gcc7 fixes, moderate severity issues, security update. . LinuxSecurity.com Team

Calendar 2 Oct 22, 2019 OpenSUSE
Banner 2 1028x280 1708121730 1 1771599631
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":549,"type":"x","order":1,"pct":78.54,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.29,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.86,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.3,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here