SUSE-SU-2023:3662-1
- Source
- https://www.suse.com/support/update/announcement/2023/suse-su-20233662-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:3662-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2023:3662-1
- Related
- Published
- 2023-09-18T19:48:26Z
- Modified
- 2023-09-18T19:48:26Z
- Summary
- Security update for gcc7
- Details
-
This update for gcc7 fixes the following issues:
Security issues fixed:
- CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052).
- CVE-2019-15847: Fixed POWER9 DARN miscompilation. (bsc#1149145)
- CVE-2019-14250: Includes fix for LTO linker plugin heap overflow. (bsc#1142649)
Update to GCC 7.5.0 release.
Other changes:
- Fixed KASAN kernel compile. (bsc#1205145)
- Fixed ICE with C++17 code. (bsc#1204505)
- Fixed altivec.h redefining bool in C++ which makes bool unusable (bsc#1195517):
- Adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861]
- Do not handle exceptions in std::thread (jsc#CAR-1182)
- add -fpatchable-function-entry feature to gcc-7.
- Fixed glibc namespace violation with getauxval. (bsc#1167939)
- Backport aarch64 Straight Line Speculation mitigation [bsc#1172798, CVE-2020-13844]
- Enable fortran for the nvptx offload compiler.
- Update README.First-for.SuSE.packagers
- Avoid assembler errors with AVX512 gather and scatter instructions when using -masm=intel.
- Backport the aarch64 -moutline-atomics feature and accumulated fixes but not its default enabling. (jsc#SLE-12209, bsc#1167939)
- Fixed memcpy miscompilation on aarch64. (bsc#1178624, bsc#1178577)
- Fixed debug line info for try/catch. (bsc#1178614)
- Fixed corruption of pass private ->aux via DF. (gcc#94148)
- Fixed debug information issue with inlined functions and passed by reference arguments. [gcc#93888]
- Fixed register allocation issue with exception handling code on s390x. (bsc#1161913)
- Backport PR target/92692 to fix miscompilation of some atomic code on aarch64. (bsc#1150164)
- Fixed miscompilation in vectorized code for s390x. (bsc#1160086) [gcc#92950]
- Fixed miscompilation with thread-safe local static initialization. [gcc#85887]
- Fixed debug info created for array definitions that complete an earlier declaration. [bsc#1146475]
- Fixed vector shift miscompilation on s390. (bsc#1141897)
- Add gcc7 -flive-patching patch. [bsc#1071995, fate#323487]
- Strip -flto from $optflags.
- Disables switch jump-tables when retpolines are used. (bsc#1131264, jsc#SLE-6738)
- Fixed ICE compiling tensorflow on aarch64. (bsc#1129389)
- Fixed for aarch64 FMA steering pass use-after-free. (bsc#1128794)
- Fixed ICE compiling tensorflow. (bsc#1129389)
- Fixed s390x FP load-and-test issue. (bsc#1124644)
- Adjust gnat manual entries in the info directory. (bsc#1114592)
- Fixed to no longer try linking -lieee with -mieee-fp. (bsc#1084842)
- References
-
- https://www.suse.com/support/update/announcement/2023/suse-su-20233662-1/
- https://bugzilla.suse.com/1071995
- https://bugzilla.suse.com/1084842
- https://bugzilla.suse.com/1114592
- https://bugzilla.suse.com/1124644
- https://bugzilla.suse.com/1128794
- https://bugzilla.suse.com/1129389
- https://bugzilla.suse.com/1131264
- https://bugzilla.suse.com/1141897
- https://bugzilla.suse.com/1142649
- https://bugzilla.suse.com/1146475
- https://bugzilla.suse.com/1148517
- https://bugzilla.suse.com/1149145
- https://bugzilla.suse.com/1150164
- https://bugzilla.suse.com/1160086
- https://bugzilla.suse.com/1161913
- https://bugzilla.suse.com/1167939
- https://bugzilla.suse.com/1172798
- https://bugzilla.suse.com/1178577
- https://bugzilla.suse.com/1178614
- https://bugzilla.suse.com/1178624
- https://bugzilla.suse.com/1178675
- https://bugzilla.suse.com/1181618
- https://bugzilla.suse.com/1195517
- https://bugzilla.suse.com/1196861
- https://bugzilla.suse.com/1204505
- https://bugzilla.suse.com/1205145
- https://bugzilla.suse.com/1214052
- https://www.suse.com/security/cve/CVE-2019-14250
- https://www.suse.com/security/cve/CVE-2019-15847
- https://www.suse.com/security/cve/CVE-2020-13844
- https://www.suse.com/security/cve/CVE-2023-4039
Affected packages
SUSE:Linux Enterprise Module for Toolchain 12 / cross-nvptx-gcc7
Package
- Name
- cross-nvptx-gcc7
- Purl
- purl:rpm/suse/cross-nvptx-gcc7&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Toolchain%2012
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.5.0+r278197-13.1
Ecosystem specific
{
"binaries": [
{
"libstdc++6-devel-gcc7": "7.5.0+r278197-13.1",
"libada7": "7.5.0+r278197-13.1",
"cpp7": "7.5.0+r278197-13.1",
"gcc7-ada-32bit": "7.5.0+r278197-13.1",
"gcc7-locale": "7.5.0+r278197-13.1",
"gcc7-32bit": "7.5.0+r278197-13.1",
"gcc7-info": "7.5.0+r278197-13.1",
"libstdc++6-devel-gcc7-32bit": "7.5.0+r278197-13.1",
"gcc7-ada": "7.5.0+r278197-13.1",
"cross-nvptx-newlib7-devel": "7.5.0+r278197-13.1",
"gcc7-fortran": "7.5.0+r278197-13.1",
"gcc7-c++-32bit": "7.5.0+r278197-13.1",
"gcc7": "7.5.0+r278197-13.1",
"gcc7-c++": "7.5.0+r278197-13.1",
"gcc7-fortran-32bit": "7.5.0+r278197-13.1",
"cross-nvptx-gcc7": "7.5.0+r278197-13.1",
"libada7-32bit": "7.5.0+r278197-13.1"
}
]
}
SUSE:Linux Enterprise Module for Toolchain 12 / gcc7
Package
- Name
- gcc7
- Purl
- purl:rpm/suse/gcc7&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Toolchain%2012
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.5.0+r278197-13.1
Ecosystem specific
{
"binaries": [
{
"libstdc++6-devel-gcc7": "7.5.0+r278197-13.1",
"libada7": "7.5.0+r278197-13.1",
"cpp7": "7.5.0+r278197-13.1",
"gcc7-ada-32bit": "7.5.0+r278197-13.1",
"gcc7-locale": "7.5.0+r278197-13.1",
"gcc7-32bit": "7.5.0+r278197-13.1",
"gcc7-info": "7.5.0+r278197-13.1",
"libstdc++6-devel-gcc7-32bit": "7.5.0+r278197-13.1",
"gcc7-ada": "7.5.0+r278197-13.1",
"cross-nvptx-newlib7-devel": "7.5.0+r278197-13.1",
"gcc7-fortran": "7.5.0+r278197-13.1",
"gcc7-c++-32bit": "7.5.0+r278197-13.1",
"gcc7": "7.5.0+r278197-13.1",
"gcc7-c++": "7.5.0+r278197-13.1",
"gcc7-fortran-32bit": "7.5.0+r278197-13.1",
"cross-nvptx-gcc7": "7.5.0+r278197-13.1",
"libada7-32bit": "7.5.0+r278197-13.1"
}
]
}
SUSE:Linux Enterprise Server 12 SP5 / gcc7
Package
- Name
- gcc7
- Purl
- purl:rpm/suse/gcc7&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.5.0+r278197-13.1
Ecosystem specific
{
"binaries": [
{
"libasan4-32bit": "7.5.0+r278197-13.1",
"libgfortran4-32bit": "7.5.0+r278197-13.1",
"libcilkrts5-32bit": "7.5.0+r278197-13.1",
"libasan4": "7.5.0+r278197-13.1",
"libgfortran4": "7.5.0+r278197-13.1",
"libubsan0": "7.5.0+r278197-13.1",
"libubsan0-32bit": "7.5.0+r278197-13.1",
"libcilkrts5": "7.5.0+r278197-13.1"
}
]
}
SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / gcc7
Package
- Name
- gcc7
- Purl
- purl:rpm/suse/gcc7&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.5.0+r278197-13.1
Ecosystem specific
{
"binaries": [
{
"libasan4-32bit": "7.5.0+r278197-13.1",
"libgfortran4-32bit": "7.5.0+r278197-13.1",
"libcilkrts5-32bit": "7.5.0+r278197-13.1",
"libasan4": "7.5.0+r278197-13.1",
"libgfortran4": "7.5.0+r278197-13.1",
"libubsan0": "7.5.0+r278197-13.1",
"libubsan0-32bit": "7.5.0+r278197-13.1",
"libcilkrts5": "7.5.0+r278197-13.1"
}
]
}