Gentoo Linux Security Advisory 202409-22
Gentoo Linux Security Advisory 202409-22 - A vulnerability has been discovered in GCC, which can lead to flawed code generation. Versions greater than or equal to 10.0 are affected.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                          GLSA 202409-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                          https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: GCC: Flawed Code Generation
     Date: September 24, 2024
     Bugs: #719466
       ID: 202409-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in GCC, which can lead to flawed
code generation.

Background
==========

The GNU Compiler Collection includes front ends for C, C++, Objective-C,
Fortran, Ada, Go, D and Modula-2 as well as libraries for these
languages (libstdc++,...).

Affected packages
=================

Package        Vulnerable    Unaffected
-------------  ------------  ------------
sys-devel/gcc  < 10.0        >= 10.0

Description
===========

A vulnerability has been discovered in GCC. Please review the CVE
identifier referenced below for details.

Impact
======

The POWER9 backend in GNU Compiler Collection (GCC) could optimize
multiple calls of the __builtin_darn intrinsic into a single call, thus
reducing the entropy of the random number generator. This occurred
because a volatile operation was not specified. For example, within a
single execution of a program, the output of every __builtin_darn() call
may be the same.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All GCC users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-devel/gcc-10.0"

And then select it with gcc-config:

  # gcc-config latest

In this case, users should also rebuild all affected packages with
emerge -e, e.g.:

  # emerge --usepkg=n --emptytree @world

References
==========

[ 1 ] CVE-2019-15847
      https://nvd.nist.gov/vuln/detail/CVE-2019-15847

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202409-22

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
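Added example, not part of the Gentoo advisory: a POSIX shell check that classifies the profiles listed by `gcc-config -l` against the advisory's affected range (vulnerable < 10.0) and reports whether the active profile still needs the Resolution steps. The sample listing is constructed, and the ` [N] <CHOST>-<version> [*]` layout is an assumption about gcc-config's output; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit `gcc-config -l` output against GLSA 202409-22
# (sys-devel/gcc vulnerable < 10.0, unaffected >= 10.0).

# Constructed sample, not captured from a real system. Assumed layout:
#   [index] <CHOST>-<version> [*]     ("*" marks the active profile)
SAMPLE_PROFILES=' [1] powerpc64le-unknown-linux-gnu-9.5.0 *
 [2] powerpc64le-unknown-linux-gnu-13'

# gcc_major PROFILE: print the GCC major version taken from the last
# hyphen-separated field; print nothing if that field is not a version.
gcc_major() {
    printf '%s\n' "$1" | sed -n 's/^.*-\([0-9][0-9]*\)[^-]*$/\1/p'
}

# audit_profiles: read a profile listing on stdin and print
# "<status> <active|inactive> <profile>" per entry. Returns 1 when the
# active profile is not confirmed unaffected, else 0.
audit_profiles() {
    rc=0
    while read -r _idx profile mark; do
        [ -n "$profile" ] || continue
        major=$(gcc_major "$profile")
        if [ -z "$major" ]; then
            status=UNKNOWN
        elif [ "$major" -lt 10 ]; then
            status=VULNERABLE
        else
            status=unaffected
        fi
        if [ "$mark" = '*' ]; then state=active; else state=inactive; fi
        if [ "$state" = active ] && [ "$status" != unaffected ]; then rc=1; fi
        printf '%s %s %s\n' "$status" "$state" "$profile"
    done
    return "$rc"
}

# Demo on the constructed sample; on a Gentoo host: gcc-config -l | audit_profiles
printf '%s\n' "$SAMPLE_PROFILES" | audit_profiles ||
    echo 'active profile not confirmed >= 10.0: see Resolution (gcc-config latest, rebuild)'
```

An inactive profile below 10.0 is still reported as VULNERABLE, since packages built while it was selected are the ones the advisory says to rebuild.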