Security update for gcc48 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2017:0379-1 Final 1 1 2017-02-03T17:46:46Z current 2017-02-03T17:46:46Z 2017-02-03T17:46:46Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for gcc48 This update for gcc48 to version 4.8.5 fixes several issues. This security issue was fixed: - CVE-2015-5276: The std::random_device class in libstdc++ did not properly handle short reads from blocking sources, which made it easier for context-dependent attackers to predict the random values via unspecified vectors (bsc#945842). These non-security issues were fixed: - Provide missing libasan0-32bit and other multilibs via the updated product description [bsc#951644] - Fixed libffi issue for armv7l [bsc#988274] - Fixed libffi issue for armv7l [bsc#988274] - Fixed a kernel miscompile on aarch64 [bnc#981311] - Fixed a ppc64le ICE. [bnc#976627] - Fixed issue with using gcov and #pragma pack [bsc#977654] - Fixed samba build on AARCH64 [bsc#970009] - Fixed HTM builtins on powerpc [bsc#955382] - Fixed build of SLOF [bsc#949000] - Fixed libffi issues on aarch64 [bsc#948168] - Fixed no_instrument_function attribute handling on PPC64 with -mprofile-kernel [bsc#947791] - Fixed bogus integer overflow in constant expression [bsc#934689] - Fixed ICE with atomics on aarch64 [bsc#930176] - Fixed -imacros bug [bsc#917169] - Fixed incorrect -Warray-bounds warnings [bsc#919274] - Updated -mhotpatch for s390x [bsc#924525] - Fixed ppc64le issue with doubleword vector extract [bsc#924687] - Fixed reload issue on S390. - Keep functions leaf when they are instrumented for profiling on s390[x] [bsc#899871] - Avoid accessing invalid memory when passing aggregates by value [bsc#922534] - Rework of the memory allocator for C++ exceptions used in OOM situations [bsc#889990] The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sdksp4-gcc48-12968 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2017/suse-su-20170379-1/ Link for SUSE-SU-2017:0379-1 https://lists.suse.com/pipermail/sle-security-updates/2017-February/002618.html E-Mail link for SUSE-SU-2017:0379-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1011348 SUSE Bug 1011348 https://bugzilla.suse.com/889990 SUSE Bug 889990 https://bugzilla.suse.com/899871 SUSE Bug 899871 https://bugzilla.suse.com/917169 SUSE Bug 917169 https://bugzilla.suse.com/919274 SUSE Bug 919274 https://bugzilla.suse.com/922534 SUSE Bug 922534 https://bugzilla.suse.com/924525 SUSE Bug 924525 https://bugzilla.suse.com/924687 SUSE Bug 924687 https://bugzilla.suse.com/930176 SUSE Bug 930176 https://bugzilla.suse.com/934689 SUSE Bug 934689 https://bugzilla.suse.com/945842 SUSE Bug 945842 https://bugzilla.suse.com/947772 SUSE Bug 947772 https://bugzilla.suse.com/947791 SUSE Bug 947791 https://bugzilla.suse.com/948168 SUSE Bug 948168 https://bugzilla.suse.com/949000 SUSE Bug 949000 https://bugzilla.suse.com/951644 SUSE Bug 951644 https://bugzilla.suse.com/955382 SUSE Bug 955382 https://bugzilla.suse.com/970009 SUSE Bug 970009 https://bugzilla.suse.com/976627 SUSE Bug 976627 https://bugzilla.suse.com/977654 SUSE Bug 977654 https://bugzilla.suse.com/981311 SUSE Bug 981311 https://bugzilla.suse.com/988274 SUSE Bug 988274 https://www.suse.com/security/cve/CVE-2015-5276/ SUSE CVE CVE-2015-5276 page SUSE Linux Enterprise Software Development Kit 11 SP4 cpp48-4.8.5-4.2 gcc48-4.8.5-4.2 gcc48-32bit-4.8.5-4.2 gcc48-c++-4.8.5-4.2 gcc48-fortran-4.8.5-4.2 gcc48-fortran-32bit-4.8.5-4.2 gcc48-info-4.8.5-4.2 gcc48-locale-4.8.5-4.2 libasan0-4.8.5-4.2 libasan0-32bit-4.8.5-4.2 libstdc++48-devel-4.8.5-4.2 libstdc++48-devel-32bit-4.8.5-4.2 cpp48-4.8.5-4.2 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 gcc48-4.8.5-4.2 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 gcc48-32bit-4.8.5-4.2 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 gcc48-c++-4.8.5-4.2 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 gcc48-fortran-4.8.5-4.2 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 gcc48-fortran-32bit-4.8.5-4.2 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 gcc48-info-4.8.5-4.2 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 gcc48-locale-4.8.5-4.2 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libasan0-4.8.5-4.2 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libasan0-32bit-4.8.5-4.2 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libstdc++48-devel-4.8.5-4.2 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libstdc++48-devel-32bit-4.8.5-4.2 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. CVE-2015-5276 SUSE Linux Enterprise Software Development Kit 11 SP4:cpp48-4.8.5-4.2 SUSE Linux Enterprise Software Development Kit 11 SP4:gcc48-32bit-4.8.5-4.2 SUSE Linux Enterprise Software Development Kit 11 SP4:gcc48-4.8.5-4.2 SUSE Linux Enterprise Software Development Kit 11 SP4:gcc48-c++-4.8.5-4.2 SUSE Linux Enterprise Software Development Kit 11 SP4:gcc48-fortran-32bit-4.8.5-4.2 SUSE Linux Enterprise Software Development Kit 11 SP4:gcc48-fortran-4.8.5-4.2 SUSE Linux Enterprise Software Development Kit 11 SP4:gcc48-info-4.8.5-4.2 SUSE Linux Enterprise Software Development Kit 11 SP4:gcc48-locale-4.8.5-4.2 SUSE Linux Enterprise Software Development Kit 11 SP4:libasan0-32bit-4.8.5-4.2 SUSE Linux Enterprise Software Development Kit 11 SP4:libasan0-4.8.5-4.2 SUSE Linux Enterprise Software Development Kit 11 SP4:libstdc++48-devel-32bit-4.8.5-4.2 SUSE Linux Enterprise Software Development Kit 11 SP4:libstdc++48-devel-4.8.5-4.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170379-1/ https://www.suse.com/security/cve/CVE-2015-5276.html CVE-2015-5276 https://bugzilla.suse.com/945842 SUSE Bug 945842