Scientific Linux Security Update : gcc on SL5.x i386/x86_64

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

Two directory traversal flaws were found in the way fastjar extracted
JAR archive files. If a local, unsuspecting user extracted a
specially-crafted JAR file, it could cause fastjar to overwrite
arbitrary files writable by the user running fastjar. (CVE-2010-0831,
CVE-2010-2322)
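
An added example, not part of the original advisory and not fastjar's own code: a pre-extraction check in Python that lists JAR entries whose names would resolve outside the extraction directory, the class of flaw described above. The function names and the constructed sample archive are assumptions for illustration.

```python
import io
import posixpath
import zipfile


def escapes_destination(name):
    """True if an archive entry name would land outside the extraction directory."""
    name = name.replace("\\", "/")
    # An absolute path ignores the destination directory entirely.
    if name.startswith("/"):
        return True
    # Collapse "." and ".." segments; a result that still begins with ".."
    # has climbed above the destination directory.
    resolved = posixpath.normpath(name)
    return resolved == ".." or resolved.startswith("../")


def unsafe_entries(jar_bytes):
    """Return the entry names in a JAR (zip) archive that fail the check."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        return [i.filename for i in jar.infolist() if escapes_destination(i.filename)]


def build_sample_jar():
    """Constructed sample archive: two ordinary entries, two that traverse upward."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr("com/example/App.class", b"\x00")
        jar.writestr("../outside.txt", "constructed test entry")
        jar.writestr("docs/../../also-outside.txt", "constructed test entry")
    return buf.getvalue()


if __name__ == "__main__":
    for entry in unsafe_entries(build_sample_jar()):
        print("refusing to extract:", entry)
```

The check looks at entry names only; it does not account for symbolic links that already exist inside the destination directory.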

This update also fixes the following bugs :

- The option -print-multi-os-directory in the gcc --help
output is not in the gcc(1) man page. This update
applies an upstream patch to amend this. (BZ#529659)

- An internal assertion in the compiler checked that a C++
static data member is external, which resulted in errors.
When the compiler optimizes C++ anonymous namespaces, the
declarations are no longer marked external, because
everything in an anonymous namespace is local to the
current translation unit. This update corrects the
assertion to resolve this issue. (BZ#503565,
BZ#508735, BZ#582682)

- Attempting to compile certain .cpp files could have
resulted in an internal compiler error. This update
resolves this issue. (BZ#527510)

- PrintServiceLookup.lookupPrintServices with an
appropriate DocFlavor failed to return a list of
printers under gcj. This update includes a backported
patch to correct this bug in the printer lookup service.
(BZ#578382)

- GCC would not build against xulrunner-devel-1.9.2. This
update removes gcjwebplugin from the GCC RPM.
(BZ#596097)

- When a SystemTap-generated kernel module was compiled,
gcc reported an internal compiler error and terminated
with a segmentation fault. This update applies a patch
that, instead of crashing, assumes it can point to
anything. (BZ#605803)

- There was a performance issue with libstdc++ regarding
all objects derived from or using std::streambuf because
of lock contention between threads. This patch ensures
reload uses the same value from _S_global for the
comparison, _M_add_reference () and _M_impl member of
the class. (BZ#635708)

See also :

http://www.nessus.org/u?277f87dc
https://bugzilla.redhat.com/show_bug.cgi?id=503565
https://bugzilla.redhat.com/show_bug.cgi?id=508735
https://bugzilla.redhat.com/show_bug.cgi?id=527510
https://bugzilla.redhat.com/show_bug.cgi?id=529659
https://bugzilla.redhat.com/show_bug.cgi?id=578382
https://bugzilla.redhat.com/show_bug.cgi?id=582682
https://bugzilla.redhat.com/show_bug.cgi?id=596097
https://bugzilla.redhat.com/show_bug.cgi?id=605803
https://bugzilla.redhat.com/show_bug.cgi?id=635708

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 60933

CVE ID: CVE-2010-0831, CVE-2010-2322