SUSE-SU-2018:0300-1: moderate: Security update for gcc43

sle-updates at lists.suse.com sle-updates at lists.suse.com
Tue Jan 30 10:13:14 MST 2018 

   SUSE Security Update: Security update for gcc43
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:0300-1
Rating:             moderate
References:         #1039513 #1044016 #1045091 #1059075 #1074621 
                    #938159 #977654 #999596 
Cross-References:   CVE-2017-1000376
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that solves one vulnerability and has 7 fixes is
   now available.

Description:



   This update for gcc43 fixes the following issues:

   Security issue fixed:

   - CVE-2017-1000376: Don't request excutable stack from libffi.
     [bnc#1045091]

   New features:

   - Add support for retpolines to mitigate the Spectre Variant 2 attack.
     [bnc#1074621]
   - Add support for zero-sized VLAs and allocas with
     -fstack-clash-protection.  [bnc#1059075]
   - Add support for -fstack-clash-protection to mitigate the Stack Clash
     attack.  [bnc#1039513]

   Non security bugs fixed:

   - Fixed build of 32bit libgcov.a with LFS support.  [bsc#1044016]
   - Fixed issue with libstdc++ functional when an exception is thrown during
     construction.  [bsc#999596]
   - Fixed issue with using gcov and #pragma pack.  [bsc#977654]
   - Fixed ICE compiling AFS modules for the s390x kernel.  [bsc#938159]
   - Backport large file support from GCC 4.6.


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-gcc43-13448=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-gcc43-13448=1

   - SUSE Linux Enterprise Server 11-SP3-LTSS:

      zypper in -t patch slessp3-gcc43-13448=1

   - SUSE Linux Enterprise Point of Sale 11-SP3:

      zypper in -t patch sleposp3-gcc43-13448=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-gcc43-13448=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-gcc43-13448=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      cpp43-4.3.4_20091019-37.3.1
      gcc43-fortran-4.3.4_20091019-37.3.1
      gcc43-obj-c++-4.3.4_20091019-37.3.1
      gcc43-objc-4.3.4_20091019-37.3.1
      libobjc43-4.3.4_20091019-37.3.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):

      gcc43-fortran-32bit-4.3.4_20091019-37.3.1
      gcc43-objc-32bit-4.3.4_20091019-37.3.1
      libobjc43-32bit-4.3.4_20091019-37.3.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 x86_64):

      gcc43-ada-4.3.4_20091019-37.3.1
      libada43-4.3.4_20091019-37.3.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      cpp43-4.3.4_20091019-37.3.1
      gcc43-4.3.4_20091019-37.3.1
      gcc43-c++-4.3.4_20091019-37.3.1
      gcc43-info-4.3.4_20091019-37.3.1
      gcc43-locale-4.3.4_20091019-37.3.1
      libstdc++43-devel-4.3.4_20091019-37.3.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):

      gcc43-32bit-4.3.4_20091019-37.3.1
      libstdc++43-devel-32bit-4.3.4_20091019-37.3.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):

      cpp43-4.3.4_20091019-37.3.1
      gcc43-4.3.4_20091019-37.3.1
      gcc43-c++-4.3.4_20091019-37.3.1
      gcc43-info-4.3.4_20091019-37.3.1
      gcc43-locale-4.3.4_20091019-37.3.1
      libstdc++43-devel-4.3.4_20091019-37.3.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64):

      gcc43-32bit-4.3.4_20091019-37.3.1
      libstdc++43-devel-32bit-4.3.4_20091019-37.3.1

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

      cpp43-4.3.4_20091019-37.3.1
      gcc43-4.3.4_20091019-37.3.1
      gcc43-c++-4.3.4_20091019-37.3.1
      gcc43-info-4.3.4_20091019-37.3.1
      gcc43-locale-4.3.4_20091019-37.3.1
      libstdc++43-devel-4.3.4_20091019-37.3.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      gcc43-debuginfo-4.3.4_20091019-37.3.1
      gcc43-debugsource-4.3.4_20091019-37.3.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):

      gcc43-debuginfo-4.3.4_20091019-37.3.1
      gcc43-debugsource-4.3.4_20091019-37.3.1


References:

   https://www.suse.com/security/cve/CVE-2017-1000376.html
   https://bugzilla.suse.com/1039513
   https://bugzilla.suse.com/1044016
   https://bugzilla.suse.com/1045091
   https://bugzilla.suse.com/1059075
   https://bugzilla.suse.com/1074621
   https://bugzilla.suse.com/938159
   https://bugzilla.suse.com/977654
   https://bugzilla.suse.com/999596

More information about the sle-updates mailing list