Synopsis
The remote Scientific Linux host is missing one or more security updates.
Description
Two directory traversal flaws were found in the way fastjar extracted JAR archive files. If a local, unsuspecting user extracted a specially crafted JAR file, it could cause fastjar to overwrite arbitrary files writable by the user running fastjar. (CVE-2010-0831, CVE-2010-2322)
This update also fixes the following bugs :
- The option -print-multi-os-directory in the gcc --help output is not in the gcc(1) man page. This update applies an upstream patch to amend this. (BZ#529659)
- An internal assertion in the compiler tried to check that a C++ static data member is external which resulted in errors. This was because when the compiler optimizes C++ anonymous namespaces the declarations were no longer marked external as everything on anonymous namespaces is local to the current translation. This update corrects the assertion to resolve this issue. (BZ#503565, BZ#508735, BZ#582682)
- Attempting to compile certain .cpp files could have resulted in an internal compiler error. This update resolves this issue. (BZ#527510)
- PrintServiceLookup.lookupPrintServices with an appropriate DocFlavor failed to return a list of printers under gcj. This update includes a backported patch to correct this bug in the printer lookup service.
(BZ#578382)
- GCC would not build against xulrunner-devel-1.9.2. This update removes gcjwebplugin from the GCC RPM.
(BZ#596097)
- When a SystemTap generated kernel module was compiled, gcc reported an internal compiler error and gets a segmentation fault. This update applies a patch that, instead of crashing, assumes it can point to anything.
(BZ#605803)
- There was a performance issue with libstdc++ regarding all objects derived from or using std::streambuf because of lock contention between threads. This patch ensures reload uses the same value from _S_global for the comparison, _M_add_reference () and _M_impl member of the class. (BZ#635708)
Solution
Update the affected packages.
Plugin Details
File Name: sl_20110113_gcc_on_SL5_x.nasl
Agent: unix
Supported Sensors: Nessus Agent, Nessus
Risk Information
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P
Vulnerability Information
CPE: x-cpe:/o:fermilab:scientific_linux
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RedHat/release, Host/RedHat/rpm-list
Patch Publication Date: 1/13/2011