Overview

File _patchinfo of Package patchinfo.12598

<patchinfo incident="12598">
  <issue tracker="bnc" id="1142654">libstdc++.so misses SDT probes</issue>
  <issue tracker="bnc" id="1142649">VUL-1: CVE-2019-14250: binutils: simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow</issue>
  <issue tracker="bnc" id="1114592">Package gcc7-info, gnat info pages, info dir section erroneous</issue>
  <issue tracker="bnc" id="1135254">libstdc++-v3's STL prettyprinters are not used by gdb</issue>
  <issue tracker="bnc" id="1141897">SLES 15 SP1 - GCC Miscompilation of vector shift</issue>
  <issue tracker="bnc" id="1149145">VUL-0: CVE-2019-15847: gcc7, gcc8: The POWER9 backend in gcc optimizes multiple calls of the __builtin_darn intrinsic into a single call reducing the entropy of the random number generator</issue>
  <issue tracker="bnc" id="1148517">devel:gcc/cross-mips-gcc9: /usr/include/c++/9/cstdlib:41:10: fatal error: bits/c++config.h: No such file or directory</issue>
  <issue tracker="cve" id="2019-15847"/>
  <issue tracker="cve" id="2019-14250"/>
  <issue tracker="jsc" id="SLE-6536"/>
  <issue tracker="jsc" id="SLE-6533"/>
  <packager>rguenther</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for gcc9</summary>
  <description>This update for gcc9 fixes the following issues:

The GNU Compiler Collection is shipped in version 9.

A detailed changelog on what changed in GCC 9 is available at https://gcc.gnu.org/gcc-9/changes.html

The compilers have been added to the SUSE Linux Enterprise Toolchain Module.

To use these compilers, install e.g. gcc9, gcc9-c++ and build with CC=gcc-9
CXX=g++-9 set.


For SUSE Linux Enterprise base products, the libstdc++6, libgcc_s1 and
other compiler libraries have been switched from their gcc8 variants to
their gcc9 variants.

Security issues fixed:

- CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145)
- CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649)

Non-security issues fixed:

- Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254)
- Fixed miscompilation for vector shift on s390. (bsc#1141897)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places