SUSE SLED11 / SLES11 Security Update : gcc5 (SUSE-SU-2016:0908-2)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote SUSE host is missing one or more security updates.

Description :

The GNU Compiler Collection was updated to version 5.3.1, which brings
several fixes and enhancements.

The following security issue has been fixed :

- Fix C++11 std::random_device short read issue that could
lead to predictable randomness. (CVE-2015-5276,
bsc#945842)

The following non-security issues have been fixed :

- Enable frame pointer for TARGET_64BIT_MS_ABI when stack
is misaligned. Fixes internal compiler error when
building Wine. (bsc#966220)

- Fix a PowerPC specific issue in gcc-go that broke
compilation of newer versions of Docker. (bsc#964468)

- Fix HTM built-ins on PowerPC. (bsc#955382)

- Fix libgo certificate lookup. (bsc#953831)

- Suppress deprecated-declarations warnings for inline
definitions of deprecated virtual methods. (bsc#939460)

- Revert accidental libffi ABI breakage on aarch64.
(bsc#968771)

- On x86_64, set default 32bit code generation to
-march=x86-64 rather than -march=i586.

- Add experimental File System TS library.

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/939460
https://bugzilla.suse.com/945842
https://bugzilla.suse.com/953831
https://bugzilla.suse.com/955382
https://bugzilla.suse.com/962765
https://bugzilla.suse.com/964468
https://bugzilla.suse.com/966220
https://bugzilla.suse.com/968771
https://www.suse.com/security/cve/CVE-2015-5276.html
http://www.nessus.org/u?853c2f17

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 11-SP4 :

zypper in -t patch sdksp4-gcc5-12484=1

SUSE Linux Enterprise Server 11-SP4 :

zypper in -t patch slessp4-gcc5-12484=1

SUSE Linux Enterprise Desktop 11-SP4 :

zypper in -t patch sledsp4-gcc5-12484=1

SUSE Linux Enterprise Debuginfo 11-SP4 :

zypper in -t patch dbgsp4-gcc5-12484=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: SuSE Local Security Checks

Nessus Plugin ID: 90303 ()

Bugtraq ID:

CVE ID: CVE-2015-5276

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now