EulerOS Virtualization 2.5.0 : gcc (EulerOS-SA-2018-1331)
Low Nessus Plugin ID 118419
SynopsisThe remote EulerOS Virtualization host is missing multiple security updates.
DescriptionAccording to the versions of the gcc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :
- The gcc package contains the GNU Compiler Collection version 4.8.You'll need this package in order to compile C code.
- Security fix(es):
- Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation.(CVE-2017-11671)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected gcc packages.