SCIENTIFIC-LINUX-ERRATA Archives

January 2010

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Moderate: gcc and gcc4 on SL3.x, SL4.x, SL5.x i386/x86_64
From:
Troy Dawson <[log in to unmask]>
Reply To:
Troy Dawson <[log in to unmask]>
Date:
Wed, 20 Jan 2010 13:36:55 -0600
Content-Type:
text/plain
Parts/Attachments:
text/plain (211 lines) 
Synopsis:	Moderate: gcc and gcc4 security update
Issue date:	2010-01-13
CVE Names:	CVE-2009-3736

CVE-2009-3736 libtool: libltdl may load and execute code from a library 
in the current directory

A flaw was found in the way GNU Libtool's libltdl library looked for
libraries to load. It was possible for libltdl to load a malicious 
library from the current working directory. In certain configurations, 
if a local attacker is able to trick a local user into running a Java 
application (which uses a function to load native libraries, such as
System.loadLibrary) from within an attacker-controlled directory 
containing a malicious library or module, the attacker could possibly 
execute arbitrary code with the privileges of the user running the Java
application. (CVE-2009-3736)

All running Java applications using libgcj must be restarted for this 
update to take effect.

SL 3.0.x

       SRPMS:
gcc-3.2.3-60.src.rpm
       i386:
cpp-3.2.3-60.i386.rpm
gcc-3.2.3-60.i386.rpm
gcc-c++-3.2.3-60.i386.rpm
gcc-g77-3.2.3-60.i386.rpm
gcc-gnat-3.2.3-60.i386.rpm
gcc-java-3.2.3-60.i386.rpm
gcc-objc-3.2.3-60.i386.rpm
libf2c-3.2.3-60.i386.rpm
libgcc-3.2.3-60.i386.rpm
libgcj-3.2.3-60.i386.rpm
libgcj-devel-3.2.3-60.i386.rpm
libgnat-3.2.3-60.i386.rpm
libobjc-3.2.3-60.i386.rpm
libstdc++-3.2.3-60.i386.rpm
libstdc++-devel-3.2.3-60.i386.rpm
       x86_64:
cpp-3.2.3-60.x86_64.rpm
gcc-3.2.3-60.x86_64.rpm
gcc-c++-3.2.3-60.x86_64.rpm
gcc-g77-3.2.3-60.x86_64.rpm
gcc-gnat-3.2.3-60.x86_64.rpm
gcc-java-3.2.3-60.x86_64.rpm
gcc-objc-3.2.3-60.x86_64.rpm
libf2c-3.2.3-60.i386.rpm
libf2c-3.2.3-60.x86_64.rpm
libgcc-3.2.3-60.i386.rpm
libgcc-3.2.3-60.x86_64.rpm
libgcj-3.2.3-60.i386.rpm
libgcj-3.2.3-60.x86_64.rpm
libgcj-devel-3.2.3-60.x86_64.rpm
libgnat-3.2.3-60.i386.rpm
libgnat-3.2.3-60.x86_64.rpm
libobjc-3.2.3-60.i386.rpm
libobjc-3.2.3-60.x86_64.rpm
libstdc++-3.2.3-60.i386.rpm
libstdc++-3.2.3-60.x86_64.rpm
libstdc++-devel-3.2.3-60.i386.rpm
libstdc++-devel-3.2.3-60.x86_64.rpm

SL 4.x

       SRPMS:
gcc-3.4.6-11.el4_8.1.src.rpm
gcc4-4.1.2-44.EL4_8.1.src.rpm
       i386:
cpp-3.4.6-11.el4_8.1.i386.rpm
gcc-3.4.6-11.el4_8.1.i386.rpm
gcc4-4.1.2-44.EL4_8.1.i386.rpm
gcc4-c++-4.1.2-44.EL4_8.1.i386.rpm
gcc4-gfortran-4.1.2-44.EL4_8.1.i386.rpm
gcc4-java-4.1.2-44.EL4_8.1.i386.rpm
gcc-c++-3.4.6-11.el4_8.1.i386.rpm
gcc-g77-3.4.6-11.el4_8.1.i386.rpm
gcc-gnat-3.4.6-11.el4_8.1.i386.rpm
gcc-java-3.4.6-11.el4_8.1.i386.rpm
gcc-objc-3.4.6-11.el4_8.1.i386.rpm
libf2c-3.4.6-11.el4_8.1.i386.rpm
libgcc-3.4.6-11.el4_8.1.i386.rpm
libgcj-3.4.6-11.el4_8.1.i386.rpm
libgcj4-4.1.2-44.EL4_8.1.i386.rpm
libgcj4-devel-4.1.2-44.EL4_8.1.i386.rpm
libgcj4-src-4.1.2-44.EL4_8.1.i386.rpm
libgcj-devel-3.4.6-11.el4_8.1.i386.rpm
libgfortran-4.1.2-44.EL4_8.1.i386.rpm
libgnat-3.4.6-11.el4_8.1.i386.rpm
libgomp-4.1.2-44.EL4_8.1.i386.rpm
libmudflap-4.1.2-44.EL4_8.1.i386.rpm
libmudflap-devel-4.1.2-44.EL4_8.1.i386.rpm
libobjc-3.4.6-11.el4_8.1.i386.rpm
libstdc++-3.4.6-11.el4_8.1.i386.rpm
libstdc++-devel-3.4.6-11.el4_8.1.i386.rpm
       x86_64:
cpp-3.4.6-11.el4_8.1.x86_64.rpm
gcc-3.4.6-11.el4_8.1.x86_64.rpm
gcc4-4.1.2-44.EL4_8.1.x86_64.rpm
gcc4-c++-4.1.2-44.EL4_8.1.x86_64.rpm
gcc4-gfortran-4.1.2-44.EL4_8.1.x86_64.rpm
gcc4-java-4.1.2-44.EL4_8.1.x86_64.rpm
gcc-c++-3.4.6-11.el4_8.1.x86_64.rpm
gcc-g77-3.4.6-11.el4_8.1.x86_64.rpm
gcc-gnat-3.4.6-11.el4_8.1.x86_64.rpm
gcc-java-3.4.6-11.el4_8.1.x86_64.rpm
gcc-objc-3.4.6-11.el4_8.1.x86_64.rpm
libf2c-3.4.6-11.el4_8.1.i386.rpm
libf2c-3.4.6-11.el4_8.1.x86_64.rpm
libgcc-3.4.6-11.el4_8.1.i386.rpm
libgcc-3.4.6-11.el4_8.1.x86_64.rpm
libgcj-3.4.6-11.el4_8.1.i386.rpm
libgcj-3.4.6-11.el4_8.1.x86_64.rpm
libgcj4-4.1.2-44.EL4_8.1.i386.rpm
libgcj4-4.1.2-44.EL4_8.1.x86_64.rpm
libgcj4-devel-4.1.2-44.EL4_8.1.x86_64.rpm
libgcj4-src-4.1.2-44.EL4_8.1.x86_64.rpm
libgcj-devel-3.4.6-11.el4_8.1.x86_64.rpm
libgfortran-4.1.2-44.EL4_8.1.i386.rpm
libgfortran-4.1.2-44.EL4_8.1.x86_64.rpm
libgnat-3.4.6-11.el4_8.1.i386.rpm
libgnat-3.4.6-11.el4_8.1.x86_64.rpm
libgomp-4.1.2-44.EL4_8.1.i386.rpm
libgomp-4.1.2-44.EL4_8.1.x86_64.rpm
libmudflap-4.1.2-44.EL4_8.1.i386.rpm
libmudflap-4.1.2-44.EL4_8.1.x86_64.rpm
libmudflap-devel-4.1.2-44.EL4_8.1.x86_64.rpm
libobjc-3.4.6-11.el4_8.1.i386.rpm
libobjc-3.4.6-11.el4_8.1.x86_64.rpm
libstdc++-3.4.6-11.el4_8.1.i386.rpm
libstdc++-3.4.6-11.el4_8.1.x86_64.rpm
libstdc++-devel-3.4.6-11.el4_8.1.i386.rpm
libstdc++-devel-3.4.6-11.el4_8.1.x86_64.rpm

SL 5.x

       SRPMS:
gcc-4.1.2-46.el5_4.2.src.rpm
       i386:
cpp-4.1.2-46.el5_4.2.i386.rpm
gcc-4.1.2-46.el5_4.2.i386.rpm
gcc-c++-4.1.2-46.el5_4.2.i386.rpm
gcc-gfortran-4.1.2-46.el5_4.2.i386.rpm
gcc-gnat-4.1.2-46.el5_4.2.i386.rpm
gcc-java-4.1.2-46.el5_4.2.i386.rpm
gcc-objc-4.1.2-46.el5_4.2.i386.rpm
gcc-objc++-4.1.2-46.el5_4.2.i386.rpm
libgcc-4.1.2-46.el5_4.2.i386.rpm
libgcj-4.1.2-46.el5_4.2.i386.rpm
libgcj-devel-4.1.2-46.el5_4.2.i386.rpm
libgcj-src-4.1.2-46.el5_4.2.i386.rpm
libgfortran-4.1.2-46.el5_4.2.i386.rpm
libgnat-4.1.2-46.el5_4.2.i386.rpm
libmudflap-4.1.2-46.el5_4.2.i386.rpm
libmudflap-devel-4.1.2-46.el5_4.2.i386.rpm
libobjc-4.1.2-46.el5_4.2.i386.rpm
libstdc++-4.1.2-46.el5_4.2.i386.rpm
libstdc++-devel-4.1.2-46.el5_4.2.i386.rpm
   Dependancies for SL 5.0, 5.1, 5.2 and 5.3:
gcc44-4.4.0-6.el5.i386.rpm
gcc44-c++-4.4.0-6.el5.i386.rpm
gcc44-gfortran-4.4.0-6.el5.i386.rpm
libgfortran44-4.4.0-6.el5.i386.rpm
libgomp-4.4.0-6.el5.i386.rpm
libstdc++44-devel-4.4.0-6.el5.i386.rpm

       x86_64:
cpp-4.1.2-46.el5_4.2.x86_64.rpm
gcc-4.1.2-46.el5_4.2.x86_64.rpm
gcc-c++-4.1.2-46.el5_4.2.x86_64.rpm
gcc-gfortran-4.1.2-46.el5_4.2.x86_64.rpm
gcc-gnat-4.1.2-46.el5_4.2.x86_64.rpm
gcc-java-4.1.2-46.el5_4.2.x86_64.rpm
gcc-objc-4.1.2-46.el5_4.2.x86_64.rpm
gcc-objc++-4.1.2-46.el5_4.2.x86_64.rpm
libgcc-4.1.2-46.el5_4.2.i386.rpm
libgcc-4.1.2-46.el5_4.2.x86_64.rpm
libgcj-4.1.2-46.el5_4.2.i386.rpm
libgcj-4.1.2-46.el5_4.2.x86_64.rpm
libgcj-devel-4.1.2-46.el5_4.2.i386.rpm
libgcj-devel-4.1.2-46.el5_4.2.x86_64.rpm
libgcj-src-4.1.2-46.el5_4.2.x86_64.rpm
libgfortran-4.1.2-46.el5_4.2.i386.rpm
libgfortran-4.1.2-46.el5_4.2.x86_64.rpm
libgnat-4.1.2-46.el5_4.2.i386.rpm
libgnat-4.1.2-46.el5_4.2.x86_64.rpm
libmudflap-4.1.2-46.el5_4.2.i386.rpm
libmudflap-4.1.2-46.el5_4.2.x86_64.rpm
libmudflap-devel-4.1.2-46.el5_4.2.i386.rpm
libmudflap-devel-4.1.2-46.el5_4.2.x86_64.rpm
libobjc-4.1.2-46.el5_4.2.i386.rpm
libobjc-4.1.2-46.el5_4.2.x86_64.rpm
libstdc++-4.1.2-46.el5_4.2.i386.rpm
libstdc++-4.1.2-46.el5_4.2.x86_64.rpm
libstdc++-devel-4.1.2-46.el5_4.2.i386.rpm
libstdc++-devel-4.1.2-46.el5_4.2.x86_64.rpm
   Dependancies for SL 5.0, 5.1, 5.2 and 5.3:
gcc44-4.4.0-6.el5.x86_64.rpm
gcc44-c++-4.4.0-6.el5.x86_64.rpm
gcc44-gfortran-4.4.0-6.el5.x86_64.rpm
libgfortran44-4.4.0-6.el5.i386.rpm
libgfortran44-4.4.0-6.el5.x86_64.rpm
libgomp-4.4.0-6.el5.i386.rpm
libgomp-4.4.0-6.el5.x86_64.rpm
libstdc++44-devel-4.4.0-6.el5.i386.rpm
libstdc++44-devel-4.4.0-6.el5.x86_64.rpm

-Connie Sieh
-Troy Dawson

ATOM RSS1 RSS2