Scientific Linux Security Update : gcc on SL5.x i386/x86_64

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.

Synopsis :

The remote Scientific Linux host is missing one or more security

Description :

Two directory traversal flaws were found in the way fastjar extracted
JAR archive files. If a local, unsuspecting user extracted a specially
crafted JAR file, it could cause fastjar to overwrite arbitrary files
writable by the user running fastjar. (CVE-2010-0831, CVE-2010-2322)

This update also fixes the following bugs :

- The option -print-multi-os-directory in the gcc --help
output is not in the gcc(1) man page. This update
applies an upstream patch to amend this. (BZ#529659)

- An internal assertion in the compiler tried to check
that a C++ static data member is external which resulted
in errors. This was because when the compiler optimizes
C++ anonymous namespaces the declarations were no longer
marked external as everything on anonymous namespaces is
local to the current translation. This update corrects
the assertion to resolve this issue. (BZ#503565,
BZ#508735, BZ#582682)

- Attempting to compile certain .cpp files could have
resulted in an internal compiler error. This update
resolves this issue. (BZ#527510)

- PrintServiceLookup.lookupPrintServices with an
appropriate DocFlavor failed to return a list of
printers under gcj. This update includes a backported
patch to correct this bug in the printer lookup service.

- GCC would not build against xulrunner-devel-1.9.2. This
update removes gcjwebplugin from the GCC RPM.

- When a SystemTap generated kernel module was compiled,
gcc reported an internal compiler error and gets a
segmentation fault. This update applies a patch that,
instead of crashing, assumes it can point to anything.

- There was a performance issue with libstdc++ regarding
all objects derived from or using std::streambuf because
of lock contention between threads. This patch ensures
reload uses the same value from _S_global for the
comparison, _M_add_reference () and _M_impl member of
the class. (BZ#635708)

See also :

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.8

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 60933 ()

Bugtraq ID:

CVE ID: CVE-2010-0831