Detections
Analytics

Scientific Linux Security Update : gcc on SL5.x i386/x86_64

medium Nessus Plugin ID 60933

Language:

Synopsis

The remote Scientific Linux host is missing one or more security updates.

Description

Two directory traversal flaws were found in the way fastjar extracted JAR archive files. If a local, unsuspecting user extracted a specially crafted JAR file, it could cause fastjar to overwrite arbitrary files writable by the user running fastjar. (CVE-2010-0831, CVE-2010-2322)

This update also fixes the following bugs :

 - The option -print-multi-os-directory in the gcc --help output is not in the gcc(1) man page. This update applies an upstream patch to amend this. (BZ#529659)

 - An internal assertion in the compiler tried to check that a C++ static data member is external which resulted in errors. This was because when the compiler optimizes C++ anonymous namespaces the declarations were no longer marked external as everything on anonymous namespaces is local to the current translation. This update corrects the assertion to resolve this issue. (BZ#503565, BZ#508735, BZ#582682)

 - Attempting to compile certain .cpp files could have resulted in an internal compiler error. This update resolves this issue. (BZ#527510)

 - PrintServiceLookup.lookupPrintServices with an appropriate DocFlavor failed to return a list of printers under gcj. This update includes a backported patch to correct this bug in the printer lookup service.
 (BZ#578382)

 - GCC would not build against xulrunner-devel-1.9.2. This update removes gcjwebplugin from the GCC RPM.
 (BZ#596097)

 - When a SystemTap generated kernel module was compiled, gcc reported an internal compiler error and gets a segmentation fault. This update applies a patch that, instead of crashing, assumes it can point to anything.
 (BZ#605803)

 - There was a performance issue with libstdc++ regarding all objects derived from or using std::streambuf because of lock contention between threads. This patch ensures reload uses the same value from _S_global for the comparison, _M_add_reference () and _M_impl member of the class. (BZ#635708)

Solution

Update the affected packages.

See Also

https://bugzilla.redhat.com/show_bug.cgi?id=503565

https://bugzilla.redhat.com/show_bug.cgi?id=508735

https://bugzilla.redhat.com/show_bug.cgi?id=527510

https://bugzilla.redhat.com/show_bug.cgi?id=529659

https://bugzilla.redhat.com/show_bug.cgi?id=578382

https://bugzilla.redhat.com/show_bug.cgi?id=582682

https://bugzilla.redhat.com/show_bug.cgi?id=596097

https://bugzilla.redhat.com/show_bug.cgi?id=605803

https://bugzilla.redhat.com/show_bug.cgi?id=635708

http://www.nessus.org/u?098be901

Plugin Details

Severity: Medium

ID: 60933

File Name: sl_20110113_gcc_on_SL5_x.nasl

Version: 1.7

Type: local

Agent: unix

Published: 8/1/2012

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P

Vulnerability Information

CPE: x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 1/13/2011

Reference Information

CVE: CVE-2010-0831, CVE-2010-2322