openSUSE Security Update : gcc7 (openSUSE-2020-2300)

medium Nessus Plugin ID 145277

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for gcc7 fixes the following issues :

- CVE-2020-13844: Added mitigation for aarch64 Straight Line Speculation issue (bsc#1172798)

- Enable fortran for the nvptx offload compiler.

- Update README.First-for.SuSE.packagers

- avoid assembler errors with AVX512 gather and scatter instructions when using -masm=intel.

- Backport the aarch64 -moutline-atomics feature and accumulated fixes but not its default enabling.
[jsc#SLE-12209, bsc#1167939]

- Fixed 32bit libgnat.so link. [bsc#1178675]

- Fixed memcpy miscompilation on aarch64. [bsc#1178624, bsc#1178577]

- Fixed debug line info for try/catch. [bsc#1178614]

- Remove -mbranch-protection=standard (aarch64 flag) when gcc7 is used to build gcc7 (ie when ada is enabled)

- Fixed corruption of pass private ->aux via DF.
[gcc#94148]

- Fixed debug information issue with inlined functions and passed by reference arguments. [gcc#93888]

- Fixed binutils release date detection issue.

- Fixed register allocation issue with exception handling code on s390x. [bsc#1161913]

- Fixed miscompilation of some atomic code on aarch64.
[bsc#1150164]

This update was imported from the SUSE:SLE-15:Update update project.

Solution

Update the affected gcc7 packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1150164

https://bugzilla.opensuse.org/show_bug.cgi?id=1161913

https://bugzilla.opensuse.org/show_bug.cgi?id=1167939

https://bugzilla.opensuse.org/show_bug.cgi?id=1172798

https://bugzilla.opensuse.org/show_bug.cgi?id=1178577

https://bugzilla.opensuse.org/show_bug.cgi?id=1178614

https://bugzilla.opensuse.org/show_bug.cgi?id=1178624

https://bugzilla.opensuse.org/show_bug.cgi?id=1178675

Plugin Details

Severity: Medium

ID: 145277

File Name: openSUSE-2020-2300.nasl

Version: 1.3

Type: local

Agent: unix

Published: 1/25/2021

Updated: 1/26/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2020-13844

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:gcc7-obj-c%2b%2b-debuginfo, cpe:/o:novell:opensuse:15.1, p-cpe:/a:novell:opensuse:libada7, p-cpe:/a:novell:opensuse:libgfortran4-32bit, p-cpe:/a:novell:opensuse:gcc7-go-32bit, p-cpe:/a:novell:opensuse:gcc7-go-debuginfo, p-cpe:/a:novell:opensuse:libcilkrts5, p-cpe:/a:novell:opensuse:libcilkrts5-32bit-debuginfo, p-cpe:/a:novell:opensuse:gcc7-objc, p-cpe:/a:novell:opensuse:gcc7-fortran-32bit, p-cpe:/a:novell:opensuse:libubsan0-debuginfo, p-cpe:/a:novell:opensuse:gcc7-ada-debuginfo, p-cpe:/a:novell:opensuse:gcc7-go, p-cpe:/a:novell:opensuse:gcc7-obj-c%2b%2b, p-cpe:/a:novell:opensuse:libgo11-32bit, p-cpe:/a:novell:opensuse:gcc7-c%2b%2b-32bit, p-cpe:/a:novell:opensuse:libubsan0-32bit, p-cpe:/a:novell:opensuse:libcilkrts5-32bit, p-cpe:/a:novell:opensuse:libgo11-debuginfo, p-cpe:/a:novell:opensuse:libada7-debuginfo, p-cpe:/a:novell:opensuse:libada7-32bit-debuginfo, p-cpe:/a:novell:opensuse:gcc7-c%2b%2b-debuginfo, p-cpe:/a:novell:opensuse:libstdc%2b%2b6-devel-gcc7, p-cpe:/a:novell:opensuse:libubsan0, p-cpe:/a:novell:opensuse:gcc7-32bit, p-cpe:/a:novell:opensuse:libasan4-32bit-debuginfo, p-cpe:/a:novell:opensuse:gcc7-ada-32bit, p-cpe:/a:novell:opensuse:gcc7-objc-32bit, p-cpe:/a:novell:opensuse:libstdc%2b%2b6-devel-gcc7-32bit, p-cpe:/a:novell:opensuse:libasan4-32bit, p-cpe:/a:novell:opensuse:gcc7, p-cpe:/a:novell:opensuse:libgfortran4, p-cpe:/a:novell:opensuse:libgo11, p-cpe:/a:novell:opensuse:libgo11-32bit-debuginfo, p-cpe:/a:novell:opensuse:libubsan0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libada7-32bit, p-cpe:/a:novell:opensuse:cpp7, p-cpe:/a:novell:opensuse:libcilkrts5-debuginfo, p-cpe:/a:novell:opensuse:gcc7-info, p-cpe:/a:novell:opensuse:cpp7-debuginfo, p-cpe:/a:novell:opensuse:gcc7-debugsource, p-cpe:/a:novell:opensuse:libasan4-debuginfo, p-cpe:/a:novell:opensuse:libasan4, p-cpe:/a:novell:opensuse:gcc7-locale, p-cpe:/a:novell:opensuse:libgfortran4-32bit-debuginfo, p-cpe:/a:novell:opensuse:gcc7-ada, p-cpe:/a:novell:opensuse:gcc7-fortran-debuginfo, p-cpe:/a:novell:opensuse:gcc7-fortran, p-cpe:/a:novell:opensuse:libgfortran4-debuginfo, p-cpe:/a:novell:opensuse:gcc7-objc-debuginfo, p-cpe:/a:novell:opensuse:gcc7-obj-c%2b%2b-32bit, p-cpe:/a:novell:opensuse:gcc7-debuginfo, p-cpe:/a:novell:opensuse:gcc7-c%2b%2b

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 12/20/2020

Vulnerability Publication Date: 6/8/2020

Reference Information

CVE: CVE-2020-13844