[USN-5770-1] GCC vulnerability
Mark Esler
mark.esler at canonical.com
Thu Dec 8 20:38:39 UTC 2022
==========================================================================
Ubuntu Security Notice USN-5770-1
December 08, 2022
gcc-5, gccgo-6 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

GNU Compiler Collection's (GCC) random number generation could be
made less random with specially crafted input.

Software Description:
- gcc-5: GNU C compiler
- gccgo-6: GNU Go compiler

Details:

Todd Eisenberger discovered that certain versions of GNU Compiler
Collection (GCC) could be made to clobber the status flag of RDRAND
and RDSEED with specially crafted input. This could potentially lead
to less randomness in random number generation.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
  g++-5                5.4.0-6ubuntu1~16.04.12+esm2
  gcc-5                5.4.0-6ubuntu1~16.04.12+esm2
  gccgo-5              5.4.0-6ubuntu1~16.04.12+esm2
  gccgo-6              6.0.1-0ubuntu1+esm1
  gcj-5                5.4.0-6ubuntu1~16.04.12+esm2
  gcj-5-jdk            5.4.0-6ubuntu1~16.04.12+esm2
  gcj-5-jre-headless   5.4.0-6ubuntu1~16.04.12+esm2
  gdc-5                5.4.0-6ubuntu1~16.04.12+esm2
  gfortran-5           5.4.0-6ubuntu1~16.04.12+esm2
  gnat-5               5.4.0-6ubuntu1~16.04.12+esm2

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5770-1
  CVE-2017-11671
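
One way to check a host against the package versions listed under "Update instructions", as an added example that is not part of the original notice: it compares installed versions with the fixed ones using Debian version ordering, where "~" sorts before everything and a "+esm2" suffix sorts after the bare revision. The helper names and the sample package list are assumptions constructed for illustration.

```python
import re
from itertools import zip_longest

# Fixed versions copied from the notice (Ubuntu 16.04 ESM).
ESM2 = "5.4.0-6ubuntu1~16.04.12+esm2"
FIXED = {p: ESM2 for p in ("g++-5", "gcc-5", "gccgo-5", "gcj-5", "gcj-5-jdk",
                           "gcj-5-jre-headless", "gdc-5", "gfortran-5", "gnat-5")}
FIXED["gccgo-6"] = "6.0.1-0ubuntu1+esm1"
TOKEN = re.compile(r"([^0-9]*)([0-9]*)")  # alternating non-digit / digit runs

def _order(c):
    """Character weight: '~' lowest, then end of string, letters, other symbols."""
    if c == "":
        return 0
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare one upstream or revision string the way dpkg orders them."""
    pairs = zip_longest(TOKEN.findall(a), TOKEN.findall(b), fillvalue=("", ""))
    for (s1, n1), (s2, n2) in pairs:
        for k in range(max(len(s1), len(s2))):
            diff = _order(s1[k:k + 1]) - _order(s2[k:k + 1])
            if diff:
                return diff
        diff = int(n1 or 0) - int(n2 or 0)  # digit runs compare numerically
        if diff:
            return diff
    return 0

def _split(v):
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, sep, rev = rest.rpartition("-")
    return (int(epoch), upstream, rev) if sep else (int(epoch), rest, "")

def compare(v1, v2):
    """Negative if v1 is older than v2, zero if equal, positive if newer."""
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    return (e1 - e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def unpatched(dpkg_lines):
    """Return (package, installed, fixed) for packages older than the fix."""
    rows = (line.split("\t") for line in dpkg_lines.splitlines())
    return [(r[0], r[1], FIXED[r[0]]) for r in rows
            if len(r) == 2 and r[0] in FIXED and r[1] and compare(r[1], FIXED[r[0]]) < 0]

# Constructed sample of: dpkg-query -W -f='${Package}\t${Version}\n'
SAMPLE = ("gcc-5\t5.4.0-6ubuntu1~16.04.12\ng++-5\t5.4.0-6ubuntu1~16.04.12+esm2\n"
          "gccgo-6\t6.0.1-0ubuntu1\nbash\t4.3-14ubuntu1.4\n")
```

Updating the compiler packages does not change binaries that were already built with the affected versions.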