SUSE SLED12 / SLES12 Security Update : gcc5 (SUSE-SU-2016:0963-1)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote SUSE host is missing one or more security updates.

Description :

The GNU Compiler Collection was updated to version 5.3.1, which brings
several fixes and enhancements.

The following security issue has been fixed :

- Fix C++11 std::random_device short read issue that could
lead to predictable randomness. (CVE-2015-5276,
bsc#945842)

The following non-security issues have been fixed :

- Enable frame pointer for TARGET_64BIT_MS_ABI when stack
is misaligned. Fixes internal compiler error when
building Wine. (bsc#966220)

- Fix a PowerPC specific issue in gcc-go that broke
compilation of newer versions of Docker. (bsc#964468)

- Fix HTM built-ins on PowerPC. (bsc#955382)

- Fix libgo certificate lookup. (bsc#953831)

- Suppress deprecated-declarations warnings for inline
definitions of deprecated virtual methods. (bsc#939460)

- Build s390[x] with '--with-tune=z9-109 --with-arch=z900'
on SLE11 again. (bsc#954002)

- Revert accidental libffi ABI breakage on aarch64.
(bsc#968771)

- On x86_64, set default 32bit code generation to
-march=x86-64 rather than -march=i586.

- Add experimental File System TS library.

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/939460
https://bugzilla.suse.com/945842
https://bugzilla.suse.com/952151
https://bugzilla.suse.com/953831
https://bugzilla.suse.com/954002
https://bugzilla.suse.com/955382
https://bugzilla.suse.com/962765
https://bugzilla.suse.com/964468
https://bugzilla.suse.com/966220
https://bugzilla.suse.com/968771
https://www.suse.com/security/cve/CVE-2015-5276.html
http://www.nessus.org/u?bca05937

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 12-SP1 :

zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-565=1

SUSE Linux Enterprise Server 12-SP1 :

zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-565=1

SUSE Linux Enterprise Server 12 :

zypper in -t patch SUSE-SLE-SERVER-12-2016-565=1

SUSE Linux Enterprise Module for Toolchain 12 :

zypper in -t patch SUSE-SLE-Module-Toolchain-12-2016-565=1

SUSE Linux Enterprise Desktop 12-SP1 :

zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-565=1

SUSE Linux Enterprise Desktop 12 :

zypper in -t patch SUSE-SLE-DESKTOP-12-2016-565=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: SuSE Local Security Checks

Nessus Plugin ID: 90420 ()

Bugtraq ID:

CVE ID: CVE-2015-5276

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now