Oracle Linux 3 : gcc (ELSA-2007-0473)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Oracle Linux host is missing one or more security updates.

Description :

From Red Hat Security Advisory 2007:0473 :

Updated gcc packages that fix a security issue and another bug are now
available.

This update has been rated as having moderate security impact by the
Red Hat Security Response Team.

The gcc packages include C, C++, Java, Fortran 77, Objective C, and
Ada 95 GNU compilers and related support libraries.

Jürgen Weigert discovered a directory traversal flaw in fastjar. An
attacker could create a malicious JAR file which, if unpacked using
fastjar, could write to any files the victim had write access to.
(CVE-2006-3619)

These updated packages also fix a reload internal compiler error with
-fnon-call-exceptions option.

All users of gcc should upgrade to these updated packages, which
resolve these issues.

See also :

https://oss.oracle.com/pipermail/el-errata/2007-June/000183.html

Solution :

Update the affected gcc packages.

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N)

Family: Oracle Linux Local Security Checks

Nessus Plugin ID: 67519 ()

Bugtraq ID:

CVE ID: CVE-2006-3619