Detections
Analytics

openSUSE Security Update : gcc7 (openSUSE-2020-2301)

medium Nessus Plugin ID 145329

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for gcc7 fixes the following issues :

 - CVE-2020-13844: Added mitigation for aarch64 Straight Line Speculation issue (bsc#1172798)

 - Enable fortran for the nvptx offload compiler.

- Update README.First-for.SuSE.packagers

 - avoid assembler errors with AVX512 gather and scatter instructions when using -masm=intel.

 - Backport the aarch64 -moutline-atomics feature and accumulated fixes but not its default enabling.
 [jsc#SLE-12209, bsc#1167939]

 - Fixed 32bit libgnat.so link. [bsc#1178675]

 - Fixed memcpy miscompilation on aarch64. [bsc#1178624, bsc#1178577]

 - Fixed debug line info for try/catch. [bsc#1178614]

 - Remove -mbranch-protection=standard (aarch64 flag) when gcc7 is used to build gcc7 (ie when ada is enabled)

 - Fixed corruption of pass private ->aux via DF.
 [gcc#94148]

 - Fixed debug information issue with inlined functions and passed by reference arguments. [gcc#93888]

 - Fixed binutils release date detection issue.

 - Fixed register allocation issue with exception handling code on s390x. [bsc#1161913]

- Fixed miscompilation of some atomic code on aarch64.
 [bsc#1150164]

This update was imported from the SUSE:SLE-15:Update update project.

Solution

Update the affected gcc7 packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1150164

https://bugzilla.opensuse.org/show_bug.cgi?id=1161913

https://bugzilla.opensuse.org/show_bug.cgi?id=1167939

https://bugzilla.opensuse.org/show_bug.cgi?id=1172798

https://bugzilla.opensuse.org/show_bug.cgi?id=1178577

https://bugzilla.opensuse.org/show_bug.cgi?id=1178614

https://bugzilla.opensuse.org/show_bug.cgi?id=1178624

https://bugzilla.opensuse.org/show_bug.cgi?id=1178675

Plugin Details

Severity: Medium

ID: 145329

File Name: openSUSE-2020-2301.nasl

Version: 1.3

Type: local

Agent: unix

Published: 1/25/2021

Updated: 1/26/2024

Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2020-13844

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:cpp7, p-cpe:/a:novell:opensuse:cpp7-debuginfo, p-cpe:/a:novell:opensuse:gcc7, p-cpe:/a:novell:opensuse:gcc7-32bit, p-cpe:/a:novell:opensuse:gcc7-ada, p-cpe:/a:novell:opensuse:gcc7-ada-32bit, p-cpe:/a:novell:opensuse:gcc7-ada-debuginfo, p-cpe:/a:novell:opensuse:gcc7-c%2b%2b, p-cpe:/a:novell:opensuse:gcc7-c%2b%2b-32bit, p-cpe:/a:novell:opensuse:gcc7-c%2b%2b-debuginfo, p-cpe:/a:novell:opensuse:gcc7-debuginfo, p-cpe:/a:novell:opensuse:gcc7-debugsource, p-cpe:/a:novell:opensuse:gcc7-fortran, p-cpe:/a:novell:opensuse:gcc7-fortran-32bit, p-cpe:/a:novell:opensuse:gcc7-fortran-debuginfo, p-cpe:/a:novell:opensuse:gcc7-go, p-cpe:/a:novell:opensuse:gcc7-go-32bit, p-cpe:/a:novell:opensuse:gcc7-go-debuginfo, p-cpe:/a:novell:opensuse:gcc7-info, p-cpe:/a:novell:opensuse:gcc7-locale, p-cpe:/a:novell:opensuse:gcc7-obj-c%2b%2b, p-cpe:/a:novell:opensuse:gcc7-obj-c%2b%2b-32bit, p-cpe:/a:novell:opensuse:gcc7-obj-c%2b%2b-debuginfo, p-cpe:/a:novell:opensuse:gcc7-objc, p-cpe:/a:novell:opensuse:gcc7-objc-32bit, p-cpe:/a:novell:opensuse:gcc7-objc-debuginfo, p-cpe:/a:novell:opensuse:libada7, p-cpe:/a:novell:opensuse:libada7-32bit, p-cpe:/a:novell:opensuse:libada7-32bit-debuginfo, p-cpe:/a:novell:opensuse:libada7-debuginfo, p-cpe:/a:novell:opensuse:libasan4, p-cpe:/a:novell:opensuse:libasan4-32bit, p-cpe:/a:novell:opensuse:libasan4-32bit-debuginfo, p-cpe:/a:novell:opensuse:libasan4-debuginfo, p-cpe:/a:novell:opensuse:libcilkrts5, p-cpe:/a:novell:opensuse:libcilkrts5-32bit, p-cpe:/a:novell:opensuse:libcilkrts5-32bit-debuginfo, p-cpe:/a:novell:opensuse:libcilkrts5-debuginfo, p-cpe:/a:novell:opensuse:libgfortran4, p-cpe:/a:novell:opensuse:libgfortran4-32bit, p-cpe:/a:novell:opensuse:libgfortran4-32bit-debuginfo, p-cpe:/a:novell:opensuse:libgfortran4-debuginfo, p-cpe:/a:novell:opensuse:libgo11, p-cpe:/a:novell:opensuse:libgo11-32bit, p-cpe:/a:novell:opensuse:libgo11-32bit-debuginfo, p-cpe:/a:novell:opensuse:libgo11-debuginfo, p-cpe:/a:novell:opensuse:libstdc%2b%2b6-devel-gcc7, p-cpe:/a:novell:opensuse:libstdc%2b%2b6-devel-gcc7-32bit, p-cpe:/a:novell:opensuse:libubsan0, p-cpe:/a:novell:opensuse:libubsan0-32bit, p-cpe:/a:novell:opensuse:libubsan0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libubsan0-debuginfo, cpe:/o:novell:opensuse:15.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 12/20/2020

Vulnerability Publication Date: 6/8/2020

Reference Information

CVE: CVE-2020-13844