SUSE-SU-2019:3061-1

Source
https://www.suse.com/support/update/announcement/2019/suse-su-20193061-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2019:3061-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2019:3061-1
Related
Published
2019-11-25T16:34:42Z
Modified
2019-11-25T16:34:42Z
Summary
Security update for gcc9
Details

This update includes the GNU Compiler Collection 9.

A full changelog is provided by the GCC team on:

https://www.gnu.org/software/gcc/gcc-9/changes.html

The base system compiler libraries libgcc_s1, libstdc++6 and others are now built by the gcc 9 packages.

To use it, install 'gcc9' or 'gcc9-c++' or other compiler brands and use CC=gcc-9 / CXX=g++-9 during configuration for using it.

Security issues fixed:

  • CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the _builtindarn intrinsic into a single call. (bsc#1149145)
  • CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649)

Non-security issues fixed:

  • Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254)
  • Fixed miscompilation for vector shift on s390. (bsc#1141897)
References

Affected packages

SUSE:Linux Enterprise Module for Basesystem 15 / gcc9

Package

Name
gcc9
Purl
pkg:rpm/suse/gcc9&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.2.1+r275327-1.3.7

Ecosystem specific

{
    "binaries": [
        {
            "libgfortran5": "9.2.1+r275327-1.3.7",
            "libgomp1": "9.2.1+r275327-1.3.7",
            "libgo14": "9.2.1+r275327-1.3.7",
            "libada9-32bit": "9.2.1+r275327-1.3.7",
            "libada9": "9.2.1+r275327-1.3.7",
            "libasan5-32bit": "9.2.1+r275327-1.3.7",
            "libstdc++6": "9.2.1+r275327-1.3.7",
            "libgcc_s1-32bit": "9.2.1+r275327-1.3.7",
            "libgomp1-32bit": "9.2.1+r275327-1.3.7",
            "libubsan1": "9.2.1+r275327-1.3.7",
            "libstdc++6-32bit": "9.2.1+r275327-1.3.7",
            "libatomic1": "9.2.1+r275327-1.3.7",
            "libstdc++6-devel-gcc9": "9.2.1+r275327-1.3.7",
            "libgfortran5-32bit": "9.2.1+r275327-1.3.7",
            "libitm1-32bit": "9.2.1+r275327-1.3.7",
            "libitm1": "9.2.1+r275327-1.3.7",
            "libatomic1-32bit": "9.2.1+r275327-1.3.7",
            "libstdc++6-locale": "9.2.1+r275327-1.3.7",
            "libgcc_s1": "9.2.1+r275327-1.3.7",
            "libquadmath0": "9.2.1+r275327-1.3.7",
            "libstdc++6-pp-gcc9": "9.2.1+r275327-1.3.7",
            "libgo14-32bit": "9.2.1+r275327-1.3.7",
            "libquadmath0-32bit": "9.2.1+r275327-1.3.7",
            "libtsan0": "9.2.1+r275327-1.3.7",
            "libasan5": "9.2.1+r275327-1.3.7",
            "liblsan0": "9.2.1+r275327-1.3.7",
            "libubsan1-32bit": "9.2.1+r275327-1.3.7"
        }
    ]
}

SUSE:Linux Enterprise Module for Basesystem 15 SP1 / gcc9

Package

Name
gcc9
Purl
pkg:rpm/suse/gcc9&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.2.1+r275327-1.3.7

Ecosystem specific

{
    "binaries": [
        {
            "libgfortran5": "9.2.1+r275327-1.3.7",
            "libgomp1": "9.2.1+r275327-1.3.7",
            "libgo14": "9.2.1+r275327-1.3.7",
            "libada9-32bit": "9.2.1+r275327-1.3.7",
            "libada9": "9.2.1+r275327-1.3.7",
            "libasan5-32bit": "9.2.1+r275327-1.3.7",
            "libstdc++6": "9.2.1+r275327-1.3.7",
            "libgcc_s1-32bit": "9.2.1+r275327-1.3.7",
            "libgomp1-32bit": "9.2.1+r275327-1.3.7",
            "libubsan1": "9.2.1+r275327-1.3.7",
            "libstdc++6-32bit": "9.2.1+r275327-1.3.7",
            "libatomic1": "9.2.1+r275327-1.3.7",
            "libstdc++6-devel-gcc9": "9.2.1+r275327-1.3.7",
            "libgfortran5-32bit": "9.2.1+r275327-1.3.7",
            "libitm1-32bit": "9.2.1+r275327-1.3.7",
            "libitm1": "9.2.1+r275327-1.3.7",
            "libatomic1-32bit": "9.2.1+r275327-1.3.7",
            "libstdc++6-locale": "9.2.1+r275327-1.3.7",
            "libgcc_s1": "9.2.1+r275327-1.3.7",
            "libquadmath0": "9.2.1+r275327-1.3.7",
            "libstdc++6-pp-gcc9": "9.2.1+r275327-1.3.7",
            "libgo14-32bit": "9.2.1+r275327-1.3.7",
            "libquadmath0-32bit": "9.2.1+r275327-1.3.7",
            "libtsan0": "9.2.1+r275327-1.3.7",
            "libasan5": "9.2.1+r275327-1.3.7",
            "liblsan0": "9.2.1+r275327-1.3.7",
            "libubsan1-32bit": "9.2.1+r275327-1.3.7"
        }
    ]
}

SUSE:Linux Enterprise Module for Development Tools 15 / gcc9

Package

Name
gcc9
Purl
pkg:rpm/suse/gcc9&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.2.1+r275327-1.3.7

Ecosystem specific

{
    "binaries": [
        {
            "gcc9-go": "9.2.1+r275327-1.3.7",
            "gcc9-c++": "9.2.1+r275327-1.3.7",
            "gcc9-fortran-32bit": "9.2.1+r275327-1.3.7",
            "gcc9-ada-32bit": "9.2.1+r275327-1.3.7",
            "gcc9-locale": "9.2.1+r275327-1.3.7",
            "libstdc++6-pp-gcc9-32bit": "9.2.1+r275327-1.3.7",
            "gcc9-32bit": "9.2.1+r275327-1.3.7",
            "gcc9-info": "9.2.1+r275327-1.3.7",
            "cpp9": "9.2.1+r275327-1.3.7",
            "libstdc++6-devel-gcc9": "9.2.1+r275327-1.3.7",
            "gcc9-ada": "9.2.1+r275327-1.3.7",
            "libatomic1-32bit": "9.2.1+r275327-1.3.7",
            "libada9": "9.2.1+r275327-1.3.7",
            "gcc9-fortran": "9.2.1+r275327-1.3.7",
            "libada9-32bit": "9.2.1+r275327-1.3.7",
            "libstdc++6-devel-gcc9-32bit": "9.2.1+r275327-1.3.7",
            "gcc9": "9.2.1+r275327-1.3.7",
            "gcc9-c++-32bit": "9.2.1+r275327-1.3.7",
            "gcc9-go-32bit": "9.2.1+r275327-1.3.7",
            "libstdc++6-pp-gcc9": "9.2.1+r275327-1.3.7",
            "libubsan1-32bit": "9.2.1+r275327-1.3.7"
        }
    ]
}

SUSE:Linux Enterprise Module for Development Tools 15 SP1 / gcc9

Package

Name
gcc9
Purl
pkg:rpm/suse/gcc9&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.2.1+r275327-1.3.7

Ecosystem specific

{
    "binaries": [
        {
            "gcc9-go": "9.2.1+r275327-1.3.7",
            "gcc9-c++": "9.2.1+r275327-1.3.7",
            "gcc9-fortran-32bit": "9.2.1+r275327-1.3.7",
            "gcc9-ada-32bit": "9.2.1+r275327-1.3.7",
            "gcc9-locale": "9.2.1+r275327-1.3.7",
            "libstdc++6-pp-gcc9-32bit": "9.2.1+r275327-1.3.7",
            "gcc9-32bit": "9.2.1+r275327-1.3.7",
            "gcc9-info": "9.2.1+r275327-1.3.7",
            "cpp9": "9.2.1+r275327-1.3.7",
            "libstdc++6-devel-gcc9": "9.2.1+r275327-1.3.7",
            "gcc9-ada": "9.2.1+r275327-1.3.7",
            "libatomic1-32bit": "9.2.1+r275327-1.3.7",
            "libada9": "9.2.1+r275327-1.3.7",
            "gcc9-fortran": "9.2.1+r275327-1.3.7",
            "libada9-32bit": "9.2.1+r275327-1.3.7",
            "libstdc++6-devel-gcc9-32bit": "9.2.1+r275327-1.3.7",
            "gcc9": "9.2.1+r275327-1.3.7",
            "gcc9-c++-32bit": "9.2.1+r275327-1.3.7",
            "gcc9-go-32bit": "9.2.1+r275327-1.3.7",
            "libstdc++6-pp-gcc9": "9.2.1+r275327-1.3.7",
            "libubsan1-32bit": "9.2.1+r275327-1.3.7"
        }
    ]
}