openSUSE Security Update: Security update for gcc9 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:0716-1 Rating: moderate References: #1114592 #1135254 #1141897 #1142649 #1142654 #1148517 #1149145 #1149995 #1152590 #1167898 Cross-References: CVE-2019-14250 CVE-2019-15847 Affected Products: openSUSE Leap 15.1 ______________________________________________________________________________ An update that solves two vulnerabilities and has 8 fixes is now available. Description: This update includes the GNU Compiler Collection 9. This update ships the GCC 9.3 release. A full changelog is provided by the GCC team on: https://www.gnu.org/software/gcc/gcc-9/changes.html The base system compiler libraries libgcc_s1, libstdc++6 and others are now built by the gcc 9 packages. To use it, install "gcc9" or "gcc9-c++" or other compiler brands and use CC=gcc-9 / CXX=g++-9 during configuration for using it. Security issues fixed: - CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145) - CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649) Non-security issues fixed: - Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254) - Fixed miscompilation for vector shift on s390. (bsc#1141897) - Includes a fix for Internal compiler error when building HepMC (bsc#1167898) - Includes fix for binutils version parsing - Add libstdc++6-pp provides and conflicts to avoid file conflicts with same minor version of libstdc++6-pp from gcc10. - Add gcc9 autodetect -g at lto link (bsc#1149995) - Install go tool buildid for bootstrapping go Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2020-716=1 Package List: - openSUSE Leap 15.1 (noarch): gcc9-info-9.3.1+git1296-lp151.2.2 - openSUSE Leap 15.1 (x86_64): cpp9-9.3.1+git1296-lp151.2.2 cpp9-debuginfo-9.3.1+git1296-lp151.2.2 cross-nvptx-gcc9-9.3.1+git1296-lp151.2.1 cross-nvptx-gcc9-debuginfo-9.3.1+git1296-lp151.2.1 cross-nvptx-gcc9-debugsource-9.3.1+git1296-lp151.2.1 cross-nvptx-newlib9-devel-9.3.1+git1296-lp151.2.1 gcc9-32bit-9.3.1+git1296-lp151.2.2 gcc9-9.3.1+git1296-lp151.2.2 gcc9-ada-32bit-9.3.1+git1296-lp151.2.2 gcc9-ada-9.3.1+git1296-lp151.2.2 gcc9-ada-debuginfo-9.3.1+git1296-lp151.2.2 gcc9-c++-32bit-9.3.1+git1296-lp151.2.2 gcc9-c++-9.3.1+git1296-lp151.2.2 gcc9-c++-debuginfo-9.3.1+git1296-lp151.2.2 gcc9-debuginfo-9.3.1+git1296-lp151.2.2 gcc9-debugsource-9.3.1+git1296-lp151.2.2 gcc9-fortran-32bit-9.3.1+git1296-lp151.2.2 gcc9-fortran-9.3.1+git1296-lp151.2.2 gcc9-fortran-debuginfo-9.3.1+git1296-lp151.2.2 gcc9-go-32bit-9.3.1+git1296-lp151.2.2 gcc9-go-9.3.1+git1296-lp151.2.2 gcc9-go-debuginfo-9.3.1+git1296-lp151.2.2 gcc9-locale-9.3.1+git1296-lp151.2.2 libada9-32bit-9.3.1+git1296-lp151.2.2 libada9-32bit-debuginfo-9.3.1+git1296-lp151.2.2 libada9-9.3.1+git1296-lp151.2.2 libada9-debuginfo-9.3.1+git1296-lp151.2.2 libasan5-32bit-9.3.1+git1296-lp151.2.2 libasan5-32bit-debuginfo-9.3.1+git1296-lp151.2.2 libasan5-9.3.1+git1296-lp151.2.2 libasan5-debuginfo-9.3.1+git1296-lp151.2.2 libatomic1-32bit-9.3.1+git1296-lp151.2.2 libatomic1-32bit-debuginfo-9.3.1+git1296-lp151.2.2 libatomic1-9.3.1+git1296-lp151.2.2 libatomic1-debuginfo-9.3.1+git1296-lp151.2.2 libgcc_s1-32bit-9.3.1+git1296-lp151.2.2 libgcc_s1-32bit-debuginfo-9.3.1+git1296-lp151.2.2 libgcc_s1-9.3.1+git1296-lp151.2.2 libgcc_s1-debuginfo-9.3.1+git1296-lp151.2.2 libgfortran5-32bit-9.3.1+git1296-lp151.2.2 libgfortran5-32bit-debuginfo-9.3.1+git1296-lp151.2.2 libgfortran5-9.3.1+git1296-lp151.2.2 libgfortran5-debuginfo-9.3.1+git1296-lp151.2.2 libgo14-32bit-9.3.1+git1296-lp151.2.2 libgo14-32bit-debuginfo-9.3.1+git1296-lp151.2.2 libgo14-9.3.1+git1296-lp151.2.2 libgo14-debuginfo-9.3.1+git1296-lp151.2.2 libgomp1-32bit-9.3.1+git1296-lp151.2.2 libgomp1-32bit-debuginfo-9.3.1+git1296-lp151.2.2 libgomp1-9.3.1+git1296-lp151.2.2 libgomp1-debuginfo-9.3.1+git1296-lp151.2.2 libitm1-32bit-9.3.1+git1296-lp151.2.2 libitm1-32bit-debuginfo-9.3.1+git1296-lp151.2.2 libitm1-9.3.1+git1296-lp151.2.2 libitm1-debuginfo-9.3.1+git1296-lp151.2.2 liblsan0-9.3.1+git1296-lp151.2.2 liblsan0-debuginfo-9.3.1+git1296-lp151.2.2 libquadmath0-32bit-9.3.1+git1296-lp151.2.2 libquadmath0-32bit-debuginfo-9.3.1+git1296-lp151.2.2 libquadmath0-9.3.1+git1296-lp151.2.2 libquadmath0-debuginfo-9.3.1+git1296-lp151.2.2 libstdc++6-32bit-9.3.1+git1296-lp151.2.2 libstdc++6-32bit-debuginfo-9.3.1+git1296-lp151.2.2 libstdc++6-9.3.1+git1296-lp151.2.2 libstdc++6-debuginfo-9.3.1+git1296-lp151.2.2 libstdc++6-devel-gcc9-32bit-9.3.1+git1296-lp151.2.2 libstdc++6-devel-gcc9-9.3.1+git1296-lp151.2.2 libstdc++6-locale-9.3.1+git1296-lp151.2.2 libstdc++6-pp-gcc9-32bit-9.3.1+git1296-lp151.2.2 libstdc++6-pp-gcc9-9.3.1+git1296-lp151.2.2 libtsan0-9.3.1+git1296-lp151.2.2 libtsan0-debuginfo-9.3.1+git1296-lp151.2.2 libubsan1-32bit-9.3.1+git1296-lp151.2.2 libubsan1-32bit-debuginfo-9.3.1+git1296-lp151.2.2 libubsan1-9.3.1+git1296-lp151.2.2 libubsan1-debuginfo-9.3.1+git1296-lp151.2.2 References: https://www.suse.com/security/cve/CVE-2019-14250.html https://www.suse.com/security/cve/CVE-2019-15847.html https://bugzilla.suse.com/1114592 https://bugzilla.suse.com/1135254 https://bugzilla.suse.com/1141897 https://bugzilla.suse.com/1142649 https://bugzilla.suse.com/1142654 https://bugzilla.suse.com/1148517 https://bugzilla.suse.com/1149145 https://bugzilla.suse.com/1149995 https://bugzilla.suse.com/1152590 https://bugzilla.suse.com/1167898 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org