SUSE 5149 Published by

A gcc9 security update has been released for openSUSE Leap 15.1.



security-announce: openSUSE-SU-2020:0716-1: moderate: Security update for gcc9


openSUSE Security Update: Security update for gcc9
______________________________________________________________________________

Announcement ID: openSUSE-SU-2020:0716-1
Rating: moderate
References: #1114592 #1135254 #1141897 #1142649 #1142654
#1148517 #1149145 #1149995 #1152590 #1167898

Cross-References: CVE-2019-14250 CVE-2019-15847
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________

An update that solves two vulnerabilities and has 8 fixes
is now available.

Description:


This update includes the GNU Compiler Collection 9.

This update ships the GCC 9.3 release.

A full changelog is provided by the GCC team on:

  https://www.gnu.org/software/gcc/gcc-9/changes.html

The base system compiler libraries libgcc_s1, libstdc++6 and others are
now built by the gcc 9 packages.

To use it, install "gcc9" or "gcc9-c++" or other compiler brands and use
CC=gcc-9 / CXX=g++-9 during configuration for using it.

Security issues fixed:

- CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that
optimized multiple calls of the __builtin_darn intrinsic into a single
call. (bsc#1149145)
- CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649)

Non-security issues fixed:

- Split out libstdc++ pretty-printers into a separate package
supplementing gdb and the installed runtime. (bsc#1135254)
- Fixed miscompilation for vector shift on s390. (bsc#1141897)
- Includes a fix for Internal compiler error when building HepMC
(bsc#1167898)
- Includes fix for binutils version parsing
- Add libstdc++6-pp provides and conflicts to avoid file conflicts with
same minor version of libstdc++6-pp from gcc10.
- Add gcc9 autodetect -g at lto link (bsc#1149995)
- Install go tool buildid for bootstrapping go

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-716=1


Package List:

- openSUSE Leap 15.1 (noarch):

gcc9-info-9.3.1+git1296-lp151.2.2

- openSUSE Leap 15.1 (x86_64):

cpp9-9.3.1+git1296-lp151.2.2
cpp9-debuginfo-9.3.1+git1296-lp151.2.2
cross-nvptx-gcc9-9.3.1+git1296-lp151.2.1
cross-nvptx-gcc9-debuginfo-9.3.1+git1296-lp151.2.1
cross-nvptx-gcc9-debugsource-9.3.1+git1296-lp151.2.1
cross-nvptx-newlib9-devel-9.3.1+git1296-lp151.2.1
gcc9-32bit-9.3.1+git1296-lp151.2.2
gcc9-9.3.1+git1296-lp151.2.2
gcc9-ada-32bit-9.3.1+git1296-lp151.2.2
gcc9-ada-9.3.1+git1296-lp151.2.2
gcc9-ada-debuginfo-9.3.1+git1296-lp151.2.2
gcc9-c++-32bit-9.3.1+git1296-lp151.2.2
gcc9-c++-9.3.1+git1296-lp151.2.2
gcc9-c++-debuginfo-9.3.1+git1296-lp151.2.2
gcc9-debuginfo-9.3.1+git1296-lp151.2.2
gcc9-debugsource-9.3.1+git1296-lp151.2.2
gcc9-fortran-32bit-9.3.1+git1296-lp151.2.2
gcc9-fortran-9.3.1+git1296-lp151.2.2
gcc9-fortran-debuginfo-9.3.1+git1296-lp151.2.2
gcc9-go-32bit-9.3.1+git1296-lp151.2.2
gcc9-go-9.3.1+git1296-lp151.2.2
gcc9-go-debuginfo-9.3.1+git1296-lp151.2.2
gcc9-locale-9.3.1+git1296-lp151.2.2
libada9-32bit-9.3.1+git1296-lp151.2.2
libada9-32bit-debuginfo-9.3.1+git1296-lp151.2.2
libada9-9.3.1+git1296-lp151.2.2
libada9-debuginfo-9.3.1+git1296-lp151.2.2
libasan5-32bit-9.3.1+git1296-lp151.2.2
libasan5-32bit-debuginfo-9.3.1+git1296-lp151.2.2
libasan5-9.3.1+git1296-lp151.2.2
libasan5-debuginfo-9.3.1+git1296-lp151.2.2
libatomic1-32bit-9.3.1+git1296-lp151.2.2
libatomic1-32bit-debuginfo-9.3.1+git1296-lp151.2.2
libatomic1-9.3.1+git1296-lp151.2.2
libatomic1-debuginfo-9.3.1+git1296-lp151.2.2
libgcc_s1-32bit-9.3.1+git1296-lp151.2.2
libgcc_s1-32bit-debuginfo-9.3.1+git1296-lp151.2.2
libgcc_s1-9.3.1+git1296-lp151.2.2
libgcc_s1-debuginfo-9.3.1+git1296-lp151.2.2
libgfortran5-32bit-9.3.1+git1296-lp151.2.2
libgfortran5-32bit-debuginfo-9.3.1+git1296-lp151.2.2
libgfortran5-9.3.1+git1296-lp151.2.2
libgfortran5-debuginfo-9.3.1+git1296-lp151.2.2
libgo14-32bit-9.3.1+git1296-lp151.2.2
libgo14-32bit-debuginfo-9.3.1+git1296-lp151.2.2
libgo14-9.3.1+git1296-lp151.2.2
libgo14-debuginfo-9.3.1+git1296-lp151.2.2
libgomp1-32bit-9.3.1+git1296-lp151.2.2
libgomp1-32bit-debuginfo-9.3.1+git1296-lp151.2.2
libgomp1-9.3.1+git1296-lp151.2.2
libgomp1-debuginfo-9.3.1+git1296-lp151.2.2
libitm1-32bit-9.3.1+git1296-lp151.2.2
libitm1-32bit-debuginfo-9.3.1+git1296-lp151.2.2
libitm1-9.3.1+git1296-lp151.2.2
libitm1-debuginfo-9.3.1+git1296-lp151.2.2
liblsan0-9.3.1+git1296-lp151.2.2
liblsan0-debuginfo-9.3.1+git1296-lp151.2.2
libquadmath0-32bit-9.3.1+git1296-lp151.2.2
libquadmath0-32bit-debuginfo-9.3.1+git1296-lp151.2.2
libquadmath0-9.3.1+git1296-lp151.2.2
libquadmath0-debuginfo-9.3.1+git1296-lp151.2.2
libstdc++6-32bit-9.3.1+git1296-lp151.2.2
libstdc++6-32bit-debuginfo-9.3.1+git1296-lp151.2.2
libstdc++6-9.3.1+git1296-lp151.2.2
libstdc++6-debuginfo-9.3.1+git1296-lp151.2.2
libstdc++6-devel-gcc9-32bit-9.3.1+git1296-lp151.2.2
libstdc++6-devel-gcc9-9.3.1+git1296-lp151.2.2
libstdc++6-locale-9.3.1+git1296-lp151.2.2
libstdc++6-pp-gcc9-32bit-9.3.1+git1296-lp151.2.2
libstdc++6-pp-gcc9-9.3.1+git1296-lp151.2.2
libtsan0-9.3.1+git1296-lp151.2.2
libtsan0-debuginfo-9.3.1+git1296-lp151.2.2
libubsan1-32bit-9.3.1+git1296-lp151.2.2
libubsan1-32bit-debuginfo-9.3.1+git1296-lp151.2.2
libubsan1-9.3.1+git1296-lp151.2.2
libubsan1-debuginfo-9.3.1+git1296-lp151.2.2

References:

  https://www.suse.com/security/cve/CVE-2019-14250.html
  https://www.suse.com/security/cve/CVE-2019-15847.html
  https://bugzilla.suse.com/1114592
  https://bugzilla.suse.com/1135254
  https://bugzilla.suse.com/1141897
  https://bugzilla.suse.com/1142649
  https://bugzilla.suse.com/1142654
  https://bugzilla.suse.com/1148517
  https://bugzilla.suse.com/1149145
  https://bugzilla.suse.com/1149995
  https://bugzilla.suse.com/1152590
  https://bugzilla.suse.com/1167898