Scientific Linux Security Update : gcc on SL5.x i386/x86_64

medium Nessus Plugin ID 60933

Synopsis

The remote Scientific Linux host is missing one or more security updates.

Description

Two directory traversal flaws were found in the way fastjar extracted JAR archive files. If a local, unsuspecting user extracted a specially crafted JAR file, it could cause fastjar to overwrite arbitrary files writable by the user running fastjar. (CVE-2010-0831, CVE-2010-2322)

This update also fixes the following bugs :

- The option -print-multi-os-directory in the gcc --help output is not in the gcc(1) man page. This update applies an upstream patch to amend this. (BZ#529659)

- An internal assertion in the compiler tried to check that a C++ static data member is external which resulted in errors. This was because when the compiler optimizes C++ anonymous namespaces the declarations were no longer marked external as everything on anonymous namespaces is local to the current translation. This update corrects the assertion to resolve this issue. (BZ#503565, BZ#508735, BZ#582682)

- Attempting to compile certain .cpp files could have resulted in an internal compiler error. This update resolves this issue. (BZ#527510)

- PrintServiceLookup.lookupPrintServices with an appropriate DocFlavor failed to return a list of printers under gcj. This update includes a backported patch to correct this bug in the printer lookup service.
(BZ#578382)

- GCC would not build against xulrunner-devel-1.9.2. This update removes gcjwebplugin from the GCC RPM.
(BZ#596097)

- When a SystemTap generated kernel module was compiled, gcc reported an internal compiler error and gets a segmentation fault. This update applies a patch that, instead of crashing, assumes it can point to anything.
(BZ#605803)

- There was a performance issue with libstdc++ regarding all objects derived from or using std::streambuf because of lock contention between threads. This patch ensures reload uses the same value from _S_global for the comparison, _M_add_reference () and _M_impl member of the class. (BZ#635708)

Solution

Update the affected packages.

See Also

https://bugzilla.redhat.com/show_bug.cgi?id=503565

https://bugzilla.redhat.com/show_bug.cgi?id=508735

https://bugzilla.redhat.com/show_bug.cgi?id=527510

https://bugzilla.redhat.com/show_bug.cgi?id=529659

https://bugzilla.redhat.com/show_bug.cgi?id=578382

https://bugzilla.redhat.com/show_bug.cgi?id=582682

https://bugzilla.redhat.com/show_bug.cgi?id=596097

https://bugzilla.redhat.com/show_bug.cgi?id=605803

https://bugzilla.redhat.com/show_bug.cgi?id=635708

http://www.nessus.org/u?098be901

Plugin Details

Severity: Medium

ID: 60933

File Name: sl_20110113_gcc_on_SL5_x.nasl

Version: 1.7

Type: local

Agent: unix

Published: 8/1/2012

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P

Vulnerability Information

CPE: x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 1/13/2011

Reference Information

CVE: CVE-2010-0831, CVE-2010-2322