Mandriva Linux Security Advisory : gcc (MDVSA-2015:170)

high Nessus Plugin ID 82446

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Updated gcc packages fix the following security issue :

Multiple integer overflow issues were found in libgfortran, the run-time support library for the Fortran compiler. These could possibly be used to crash a Fortran application or cause it to execute arbitrary code CVE-2014-5044).

They also fix the following bugs :

The gcc rtl-optimization sched2 miscompiles syscall sequence wich can cause random panic in glibc and kernel (gcc/PR61801)

clang++ fails to find cxxabi.h and cxxabi_tweaks.h during build (mga#13543)

Solution

Update the affected packages.

See Also

http://advisories.mageia.org/MGASA-2014-0306.html

Plugin Details

Severity: High

ID: 82446

File Name: mandriva_MDVSA-2015-170.nasl

Version: 1.4

Type: local

Published: 3/31/2015

Updated: 1/14/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:gcc, p-cpe:/a:mandriva:linux:gcc-c%2b%2b, p-cpe:/a:mandriva:linux:gcc-cpp, p-cpe:/a:mandriva:linux:gcc-doc, p-cpe:/a:mandriva:linux:gcc-doc-pdf, p-cpe:/a:mandriva:linux:gcc-gfortran, p-cpe:/a:mandriva:linux:gcc-gnat, p-cpe:/a:mandriva:linux:gcc-java, p-cpe:/a:mandriva:linux:gcc-objc, p-cpe:/a:mandriva:linux:gcc-objc%2b%2b, p-cpe:/a:mandriva:linux:gcc-plugins, p-cpe:/a:mandriva:linux:gcj-tools, p-cpe:/a:mandriva:linux:lib64gcj-devel, p-cpe:/a:mandriva:linux:lib64gcj-static-devel, p-cpe:/a:mandriva:linux:lib64gcj14, p-cpe:/a:mandriva:linux:lib64gcj_bc1, p-cpe:/a:mandriva:linux:libasan-devel, p-cpe:/a:mandriva:linux:libasan0, p-cpe:/a:mandriva:linux:libatomic-devel, p-cpe:/a:mandriva:linux:libatomic1, p-cpe:/a:mandriva:linux:libgcc1, p-cpe:/a:mandriva:linux:libgcj14-base, p-cpe:/a:mandriva:linux:libgcj14-src, p-cpe:/a:mandriva:linux:libgfortran3, p-cpe:/a:mandriva:linux:libgnat1, p-cpe:/a:mandriva:linux:libgomp-devel, p-cpe:/a:mandriva:linux:libgomp1, p-cpe:/a:mandriva:linux:libitm-devel, p-cpe:/a:mandriva:linux:libitm1, p-cpe:/a:mandriva:linux:libmudflap-devel, p-cpe:/a:mandriva:linux:libmudflap0, p-cpe:/a:mandriva:linux:libobjc4, p-cpe:/a:mandriva:linux:libquadmath-devel, p-cpe:/a:mandriva:linux:libquadmath0, p-cpe:/a:mandriva:linux:libstdc%2b%2b-devel, p-cpe:/a:mandriva:linux:libstdc%2b%2b-docs, p-cpe:/a:mandriva:linux:libstdc%2b%2b-static-devel, p-cpe:/a:mandriva:linux:libstdc%2b%2b6, p-cpe:/a:mandriva:linux:libtsan-devel, p-cpe:/a:mandriva:linux:libtsan0, cpe:/o:mandriva:business_server:2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 3/30/2015

Reference Information

CVE: CVE-2014-5044

MDVSA: 2015:170