Headline
Ubuntu Security Notice USN-5770-1
Ubuntu Security Notice 5770-1 - Todd Eisenberger discovered that certain versions of GNU Compiler Collection could be made to clobber the status flag of RDRAND and RDSEED with specially crafted input. This could potentially lead to less randomness in random number generation.
==========================================================================Ubuntu Security Notice USN-5770-1December 08, 2022gcc-5, gccgo-6 vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 16.04 ESMSummary:GNU Compiler Collection's (GCC) random number generation could bemade less random with specially crafted input.Software Description:- gcc-5: GNU C compiler- gccgo-6: GNU Go compilerDetails:Todd Eisenberger discovered that certain versions of GNU CompilerCollection (GCC) could be made to clobber the status flag of RDRANDand RDSEED with specially crafted input. This could potentially leadto less randomness in random number generation.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 16.04 ESM:g++-5 5.4.0-6ubuntu1~16.04.12+esm2gcc-5 5.4.0-6ubuntu1~16.04.12+esm2gccgo-5 5.4.0-6ubuntu1~16.04.12+esm2gccgo-6 6.0.1-0ubuntu1+esm1gcj-5 5.4.0-6ubuntu1~16.04.12+esm2gcj-5-jdk 5.4.0-6ubuntu1~16.04.12+esm2gcj-5-jre-headless 5.4.0-6ubuntu1~16.04.12+esm2gdc-5 5.4.0-6ubuntu1~16.04.12+esm2gfortran-5 5.4.0-6ubuntu1~16.04.12+esm2gnat-5 5.4.0-6ubuntu1~16.04.12+esm2In general, a standard system update will make all the necessary changes.References:https://ubuntu.com/security/notices/USN-5770-1CVE-2017-11671