SUSE-SU-2023:3662-1: important: Security update for gcc7
SLE-SECURITY-UPDATES
null at suse.de
Tue Feb 27 12:44:07 UTC 2024
# Security update for gcc7
Announcement ID: SUSE-SU-2023:3662-1
Rating: important
References:
* bsc#1071995
* bsc#1084842
* bsc#1114592
* bsc#1124644
* bsc#1128794
* bsc#1129389
* bsc#1131264
* bsc#1141897
* bsc#1142649
* bsc#1146475
* bsc#1148517
* bsc#1149145
* bsc#1150164
* bsc#1160086
* bsc#1161913
* bsc#1167939
* bsc#1172798
* bsc#1178577
* bsc#1178614
* bsc#1178624
* bsc#1178675
* bsc#1181618
* bsc#1195517
* bsc#1196861
* bsc#1204505
* bsc#1205145
* bsc#1214052
* jsc#SLE-12209
* jsc#SLE-6738
Cross-References:
* CVE-2019-14250
* CVE-2019-15847
* CVE-2020-13844
* CVE-2023-4039
CVSS scores:
* CVE-2019-14250 ( SUSE ): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2019-14250 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2019-14250 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2019-15847 ( SUSE ): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2019-15847 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2019-15847 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2020-13844 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2020-13844 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-4039 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4039 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected Products:
* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise High Performance Computing 12 SP3
* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12
* SUSE Linux Enterprise Server 12 SP1
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP3
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12
* SUSE Linux Enterprise Server for SAP Applications 12 SP1
* SUSE Linux Enterprise Server for SAP Applications 12 SP2
* SUSE Linux Enterprise Server for SAP Applications 12 SP3
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* Toolchain Module 12
An update that solves four vulnerabilities, contains two features and has 23
security fixes can now be installed.
## Description:
This update for gcc7 fixes the following issues:
Security issues fixed:
* CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64
(bsc#1214052).
* CVE-2019-15847: Fixed POWER9 DARN miscompilation. (bsc#1149145)
* CVE-2019-14250: Includes fix for LTO linker plugin heap overflow.
(bsc#1142649)
Update to GCC 7.5.0 release.
Other changes:
* Fixed KASAN kernel compile. (bsc#1205145)
* Fixed ICE with C++17 code. (bsc#1204505)
* Fixed altivec.h redefining bool in C++ which makes bool unusable
(bsc#1195517):
* Adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861]
* Do not handle exceptions in std::thread (jsc#CAR-1182)
* add -fpatchable-function-entry feature to gcc-7.
* Fixed glibc namespace violation with getauxval. (bsc#1167939)
* Backport aarch64 Straight Line Speculation mitigation [bsc#1172798,
CVE-2020-13844]
* Enable fortran for the nvptx offload compiler.
* Update README.First-for.SuSE.packagers
* Avoid assembler errors with AVX512 gather and scatter instructions when
using -masm=intel.
* Backport the aarch64 -moutline-atomics feature and accumulated fixes but not
its default enabling. (jsc#SLE-12209, bsc#1167939)
* Fixed memcpy miscompilation on aarch64. (bsc#1178624, bsc#1178577)
* Fixed debug line info for try/catch. (bsc#1178614)
* Fixed corruption of pass private ->aux via DF. (gcc#94148)
* Fixed debug information issue with inlined functions and passed by reference
arguments. [gcc#93888]
* Fixed register allocation issue with exception handling code on s390x.
(bsc#1161913)
* Backport PR target/92692 to fix miscompilation of some atomic code on
aarch64. (bsc#1150164)
* Fixed miscompilation in vectorized code for s390x. (bsc#1160086) [gcc#92950]
* Fixed miscompilation with thread-safe local static initialization.
[gcc#85887]
* Fixed debug info created for array definitions that complete an earlier
declaration. [bsc#1146475]
* Fixed vector shift miscompilation on s390. (bsc#1141897)
* Add gcc7 -flive-patching patch. [bsc#1071995, fate#323487]
* Strip -flto from $optflags.
* Disables switch jump-tables when retpolines are used. (bsc#1131264,
jsc#SLE-6738)
* Fixed ICE compiling tensorflow on aarch64. (bsc#1129389)
* Fixed for aarch64 FMA steering pass use-after-free. (bsc#1128794)
* Fixed ICE compiling tensorflow. (bsc#1129389)
* Fixed s390x FP load-and-test issue. (bsc#1124644)
* Adjust gnat manual entries in the info directory. (bsc#1114592)
* Fixed to no longer try linking -lieee with -mieee-fp. (bsc#1084842)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Toolchain Module 12
zypper in -t patch SUSE-SLE-Module-Toolchain-12-2023-3662=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3662=1
* SUSE Linux Enterprise Server 12 SP5
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3662=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3662=1
## Package List:
* Toolchain Module 12 (aarch64 ppc64le s390x x86_64)
* cpp7-7.5.0+r278197-13.1
* cpp7-debuginfo-7.5.0+r278197-13.1
* gcc7-locale-7.5.0+r278197-13.1
* gcc7-debugsource-7.5.0+r278197-13.1
* gcc7-c++-debuginfo-7.5.0+r278197-13.1
* gcc7-7.5.0+r278197-13.1
* libstdc++6-devel-gcc7-7.5.0+r278197-13.1
* gcc7-c++-7.5.0+r278197-13.1
* gcc7-fortran-debuginfo-7.5.0+r278197-13.1
* gcc7-debuginfo-7.5.0+r278197-13.1
* gcc7-fortran-7.5.0+r278197-13.1
* Toolchain Module 12 (noarch)
* gcc7-info-7.5.0+r278197-13.1
* Toolchain Module 12 (s390x x86_64)
* libstdc++6-devel-gcc7-32bit-7.5.0+r278197-13.1
* gcc7-fortran-32bit-7.5.0+r278197-13.1
* gcc7-32bit-7.5.0+r278197-13.1
* gcc7-c++-32bit-7.5.0+r278197-13.1
* Toolchain Module 12 (x86_64)
* gcc7-ada-32bit-7.5.0+r278197-13.1
* gcc7-ada-7.5.0+r278197-13.1
* libada7-debuginfo-7.5.0+r278197-13.1
* cross-nvptx-gcc7-7.5.0+r278197-13.1
* gcc7-ada-debuginfo-7.5.0+r278197-13.1
* libada7-32bit-debuginfo-7.5.0+r278197-13.1
* cross-nvptx-newlib7-devel-7.5.0+r278197-13.1
* libada7-7.5.0+r278197-13.1
* libada7-32bit-7.5.0+r278197-13.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
* libubsan0-debuginfo-7.5.0+r278197-13.1
* libubsan0-7.5.0+r278197-13.1
* gcc7-debugsource-7.5.0+r278197-13.1
* libasan4-debuginfo-7.5.0+r278197-13.1
* libgfortran4-7.5.0+r278197-13.1
* libgfortran4-debuginfo-7.5.0+r278197-13.1
* libasan4-7.5.0+r278197-13.1
* gcc7-debuginfo-7.5.0+r278197-13.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
* libcilkrts5-32bit-7.5.0+r278197-13.1
* libcilkrts5-debuginfo-7.5.0+r278197-13.1
* libcilkrts5-7.5.0+r278197-13.1
* libubsan0-32bit-7.5.0+r278197-13.1
* libgfortran4-32bit-7.5.0+r278197-13.1
* libasan4-32bit-7.5.0+r278197-13.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
* libubsan0-debuginfo-7.5.0+r278197-13.1
* libubsan0-7.5.0+r278197-13.1
* gcc7-debugsource-7.5.0+r278197-13.1
* libasan4-debuginfo-7.5.0+r278197-13.1
* libgfortran4-7.5.0+r278197-13.1
* libgfortran4-debuginfo-7.5.0+r278197-13.1
* libasan4-7.5.0+r278197-13.1
* gcc7-debuginfo-7.5.0+r278197-13.1
* SUSE Linux Enterprise Server 12 SP5 (s390x x86_64)
* libubsan0-32bit-7.5.0+r278197-13.1
* libasan4-32bit-7.5.0+r278197-13.1
* libgfortran4-32bit-7.5.0+r278197-13.1
* SUSE Linux Enterprise Server 12 SP5 (x86_64)
* libcilkrts5-32bit-7.5.0+r278197-13.1
* libcilkrts5-7.5.0+r278197-13.1
* libcilkrts5-debuginfo-7.5.0+r278197-13.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
* libubsan0-debuginfo-7.5.0+r278197-13.1
* libubsan0-7.5.0+r278197-13.1
* gcc7-debugsource-7.5.0+r278197-13.1
* libasan4-debuginfo-7.5.0+r278197-13.1
* libgfortran4-7.5.0+r278197-13.1
* libgfortran4-debuginfo-7.5.0+r278197-13.1
* libasan4-7.5.0+r278197-13.1
* gcc7-debuginfo-7.5.0+r278197-13.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
* libcilkrts5-32bit-7.5.0+r278197-13.1
* libcilkrts5-debuginfo-7.5.0+r278197-13.1
* libcilkrts5-7.5.0+r278197-13.1
* libubsan0-32bit-7.5.0+r278197-13.1
* libgfortran4-32bit-7.5.0+r278197-13.1
* libasan4-32bit-7.5.0+r278197-13.1
## References:
* https://www.suse.com/security/cve/CVE-2019-14250.html
* https://www.suse.com/security/cve/CVE-2019-15847.html
* https://www.suse.com/security/cve/CVE-2020-13844.html
* https://www.suse.com/security/cve/CVE-2023-4039.html
* https://bugzilla.suse.com/show_bug.cgi?id=1071995
* https://bugzilla.suse.com/show_bug.cgi?id=1084842
* https://bugzilla.suse.com/show_bug.cgi?id=1114592
* https://bugzilla.suse.com/show_bug.cgi?id=1124644
* https://bugzilla.suse.com/show_bug.cgi?id=1128794
* https://bugzilla.suse.com/show_bug.cgi?id=1129389
* https://bugzilla.suse.com/show_bug.cgi?id=1131264
* https://bugzilla.suse.com/show_bug.cgi?id=1141897
* https://bugzilla.suse.com/show_bug.cgi?id=1142649
* https://bugzilla.suse.com/show_bug.cgi?id=1146475
* https://bugzilla.suse.com/show_bug.cgi?id=1148517
* https://bugzilla.suse.com/show_bug.cgi?id=1149145
* https://bugzilla.suse.com/show_bug.cgi?id=1150164
* https://bugzilla.suse.com/show_bug.cgi?id=1160086
* https://bugzilla.suse.com/show_bug.cgi?id=1161913
* https://bugzilla.suse.com/show_bug.cgi?id=1167939
* https://bugzilla.suse.com/show_bug.cgi?id=1172798
* https://bugzilla.suse.com/show_bug.cgi?id=1178577
* https://bugzilla.suse.com/show_bug.cgi?id=1178614
* https://bugzilla.suse.com/show_bug.cgi?id=1178624
* https://bugzilla.suse.com/show_bug.cgi?id=1178675
* https://bugzilla.suse.com/show_bug.cgi?id=1181618
* https://bugzilla.suse.com/show_bug.cgi?id=1195517
* https://bugzilla.suse.com/show_bug.cgi?id=1196861
* https://bugzilla.suse.com/show_bug.cgi?id=1204505
* https://bugzilla.suse.com/show_bug.cgi?id=1205145
* https://bugzilla.suse.com/show_bug.cgi?id=1214052
* https://jira.suse.com/browse/SLE-12209
* https://jira.suse.com/browse/SLE-6738
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-security-updates/attachments/20240227/1a313d3e/attachment.htm>
More information about the sle-security-updates
mailing list