Synopsis:    Moderate: gcc and gcc4 security update
Issue date:  2010-01-13
CVE Names:   CVE-2009-3736

CVE-2009-3736 libtool: libltdl may load and execute code from a library in the current directory

A flaw was found in the way GNU Libtool's libltdl library looked for libraries to load. It was possible for libltdl to load a malicious library from the current working directory. In certain configurations, if a local attacker is able to trick a local user into running a Java application (which uses a function to load native libraries, such as System.loadLibrary) from within an attacker-controlled directory containing a malicious library or module, the attacker could possibly execute arbitrary code with the privileges of the user running the Java application. (CVE-2009-3736)

All running Java applications using libgcj must be restarted for this update to take effect.

SL 3.0.x

  SRPMS:
    gcc-3.2.3-60.src.rpm
  i386:
    cpp-3.2.3-60.i386.rpm
    gcc-3.2.3-60.i386.rpm
    gcc-c++-3.2.3-60.i386.rpm
    gcc-g77-3.2.3-60.i386.rpm
    gcc-gnat-3.2.3-60.i386.rpm
    gcc-java-3.2.3-60.i386.rpm
    gcc-objc-3.2.3-60.i386.rpm
    libf2c-3.2.3-60.i386.rpm
    libgcc-3.2.3-60.i386.rpm
    libgcj-3.2.3-60.i386.rpm
    libgcj-devel-3.2.3-60.i386.rpm
    libgnat-3.2.3-60.i386.rpm
    libobjc-3.2.3-60.i386.rpm
    libstdc++-3.2.3-60.i386.rpm
    libstdc++-devel-3.2.3-60.i386.rpm
  x86_64:
    cpp-3.2.3-60.x86_64.rpm
    gcc-3.2.3-60.x86_64.rpm
    gcc-c++-3.2.3-60.x86_64.rpm
    gcc-g77-3.2.3-60.x86_64.rpm
    gcc-gnat-3.2.3-60.x86_64.rpm
    gcc-java-3.2.3-60.x86_64.rpm
    gcc-objc-3.2.3-60.x86_64.rpm
    libf2c-3.2.3-60.i386.rpm
    libf2c-3.2.3-60.x86_64.rpm
    libgcc-3.2.3-60.i386.rpm
    libgcc-3.2.3-60.x86_64.rpm
    libgcj-3.2.3-60.i386.rpm
    libgcj-3.2.3-60.x86_64.rpm
    libgcj-devel-3.2.3-60.x86_64.rpm
    libgnat-3.2.3-60.i386.rpm
    libgnat-3.2.3-60.x86_64.rpm
    libobjc-3.2.3-60.i386.rpm
    libobjc-3.2.3-60.x86_64.rpm
    libstdc++-3.2.3-60.i386.rpm
    libstdc++-3.2.3-60.x86_64.rpm
    libstdc++-devel-3.2.3-60.i386.rpm
    libstdc++-devel-3.2.3-60.x86_64.rpm

SL 4.x

  SRPMS:
    gcc-3.4.6-11.el4_8.1.src.rpm
    gcc4-4.1.2-44.EL4_8.1.src.rpm
  i386:
    cpp-3.4.6-11.el4_8.1.i386.rpm
    gcc-3.4.6-11.el4_8.1.i386.rpm
    gcc4-4.1.2-44.EL4_8.1.i386.rpm
    gcc4-c++-4.1.2-44.EL4_8.1.i386.rpm
    gcc4-gfortran-4.1.2-44.EL4_8.1.i386.rpm
    gcc4-java-4.1.2-44.EL4_8.1.i386.rpm
    gcc-c++-3.4.6-11.el4_8.1.i386.rpm
    gcc-g77-3.4.6-11.el4_8.1.i386.rpm
    gcc-gnat-3.4.6-11.el4_8.1.i386.rpm
    gcc-java-3.4.6-11.el4_8.1.i386.rpm
    gcc-objc-3.4.6-11.el4_8.1.i386.rpm
    libf2c-3.4.6-11.el4_8.1.i386.rpm
    libgcc-3.4.6-11.el4_8.1.i386.rpm
    libgcj-3.4.6-11.el4_8.1.i386.rpm
    libgcj4-4.1.2-44.EL4_8.1.i386.rpm
    libgcj4-devel-4.1.2-44.EL4_8.1.i386.rpm
    libgcj4-src-4.1.2-44.EL4_8.1.i386.rpm
    libgcj-devel-3.4.6-11.el4_8.1.i386.rpm
    libgfortran-4.1.2-44.EL4_8.1.i386.rpm
    libgnat-3.4.6-11.el4_8.1.i386.rpm
    libgomp-4.1.2-44.EL4_8.1.i386.rpm
    libmudflap-4.1.2-44.EL4_8.1.i386.rpm
    libmudflap-devel-4.1.2-44.EL4_8.1.i386.rpm
    libobjc-3.4.6-11.el4_8.1.i386.rpm
    libstdc++-3.4.6-11.el4_8.1.i386.rpm
    libstdc++-devel-3.4.6-11.el4_8.1.i386.rpm
  x86_64:
    cpp-3.4.6-11.el4_8.1.x86_64.rpm
    gcc-3.4.6-11.el4_8.1.x86_64.rpm
    gcc4-4.1.2-44.EL4_8.1.x86_64.rpm
    gcc4-c++-4.1.2-44.EL4_8.1.x86_64.rpm
    gcc4-gfortran-4.1.2-44.EL4_8.1.x86_64.rpm
    gcc4-java-4.1.2-44.EL4_8.1.x86_64.rpm
    gcc-c++-3.4.6-11.el4_8.1.x86_64.rpm
    gcc-g77-3.4.6-11.el4_8.1.x86_64.rpm
    gcc-gnat-3.4.6-11.el4_8.1.x86_64.rpm
    gcc-java-3.4.6-11.el4_8.1.x86_64.rpm
    gcc-objc-3.4.6-11.el4_8.1.x86_64.rpm
    libf2c-3.4.6-11.el4_8.1.i386.rpm
    libf2c-3.4.6-11.el4_8.1.x86_64.rpm
    libgcc-3.4.6-11.el4_8.1.i386.rpm
    libgcc-3.4.6-11.el4_8.1.x86_64.rpm
    libgcj-3.4.6-11.el4_8.1.i386.rpm
    libgcj-3.4.6-11.el4_8.1.x86_64.rpm
    libgcj4-4.1.2-44.EL4_8.1.i386.rpm
    libgcj4-4.1.2-44.EL4_8.1.x86_64.rpm
    libgcj4-devel-4.1.2-44.EL4_8.1.x86_64.rpm
    libgcj4-src-4.1.2-44.EL4_8.1.x86_64.rpm
    libgcj-devel-3.4.6-11.el4_8.1.x86_64.rpm
    libgfortran-4.1.2-44.EL4_8.1.i386.rpm
    libgfortran-4.1.2-44.EL4_8.1.x86_64.rpm
    libgnat-3.4.6-11.el4_8.1.i386.rpm
    libgnat-3.4.6-11.el4_8.1.x86_64.rpm
    libgomp-4.1.2-44.EL4_8.1.i386.rpm
    libgomp-4.1.2-44.EL4_8.1.x86_64.rpm
    libmudflap-4.1.2-44.EL4_8.1.i386.rpm
    libmudflap-4.1.2-44.EL4_8.1.x86_64.rpm
    libmudflap-devel-4.1.2-44.EL4_8.1.x86_64.rpm
    libobjc-3.4.6-11.el4_8.1.i386.rpm
    libobjc-3.4.6-11.el4_8.1.x86_64.rpm
    libstdc++-3.4.6-11.el4_8.1.i386.rpm
    libstdc++-3.4.6-11.el4_8.1.x86_64.rpm
    libstdc++-devel-3.4.6-11.el4_8.1.i386.rpm
    libstdc++-devel-3.4.6-11.el4_8.1.x86_64.rpm

SL 5.x

  SRPMS:
    gcc-4.1.2-46.el5_4.2.src.rpm
  i386:
    cpp-4.1.2-46.el5_4.2.i386.rpm
    gcc-4.1.2-46.el5_4.2.i386.rpm
    gcc-c++-4.1.2-46.el5_4.2.i386.rpm
    gcc-gfortran-4.1.2-46.el5_4.2.i386.rpm
    gcc-gnat-4.1.2-46.el5_4.2.i386.rpm
    gcc-java-4.1.2-46.el5_4.2.i386.rpm
    gcc-objc-4.1.2-46.el5_4.2.i386.rpm
    gcc-objc++-4.1.2-46.el5_4.2.i386.rpm
    libgcc-4.1.2-46.el5_4.2.i386.rpm
    libgcj-4.1.2-46.el5_4.2.i386.rpm
    libgcj-devel-4.1.2-46.el5_4.2.i386.rpm
    libgcj-src-4.1.2-46.el5_4.2.i386.rpm
    libgfortran-4.1.2-46.el5_4.2.i386.rpm
    libgnat-4.1.2-46.el5_4.2.i386.rpm
    libmudflap-4.1.2-46.el5_4.2.i386.rpm
    libmudflap-devel-4.1.2-46.el5_4.2.i386.rpm
    libobjc-4.1.2-46.el5_4.2.i386.rpm
    libstdc++-4.1.2-46.el5_4.2.i386.rpm
    libstdc++-devel-4.1.2-46.el5_4.2.i386.rpm
  Dependencies for SL 5.0, 5.1, 5.2 and 5.3:
    gcc44-4.4.0-6.el5.i386.rpm
    gcc44-c++-4.4.0-6.el5.i386.rpm
    gcc44-gfortran-4.4.0-6.el5.i386.rpm
    libgfortran44-4.4.0-6.el5.i386.rpm
    libgomp-4.4.0-6.el5.i386.rpm
    libstdc++44-devel-4.4.0-6.el5.i386.rpm
  x86_64:
    cpp-4.1.2-46.el5_4.2.x86_64.rpm
    gcc-4.1.2-46.el5_4.2.x86_64.rpm
    gcc-c++-4.1.2-46.el5_4.2.x86_64.rpm
    gcc-gfortran-4.1.2-46.el5_4.2.x86_64.rpm
    gcc-gnat-4.1.2-46.el5_4.2.x86_64.rpm
    gcc-java-4.1.2-46.el5_4.2.x86_64.rpm
    gcc-objc-4.1.2-46.el5_4.2.x86_64.rpm
    gcc-objc++-4.1.2-46.el5_4.2.x86_64.rpm
    libgcc-4.1.2-46.el5_4.2.i386.rpm
    libgcc-4.1.2-46.el5_4.2.x86_64.rpm
    libgcj-4.1.2-46.el5_4.2.i386.rpm
    libgcj-4.1.2-46.el5_4.2.x86_64.rpm
    libgcj-devel-4.1.2-46.el5_4.2.i386.rpm
    libgcj-devel-4.1.2-46.el5_4.2.x86_64.rpm
    libgcj-src-4.1.2-46.el5_4.2.x86_64.rpm
    libgfortran-4.1.2-46.el5_4.2.i386.rpm
    libgfortran-4.1.2-46.el5_4.2.x86_64.rpm
    libgnat-4.1.2-46.el5_4.2.i386.rpm
    libgnat-4.1.2-46.el5_4.2.x86_64.rpm
    libmudflap-4.1.2-46.el5_4.2.i386.rpm
    libmudflap-4.1.2-46.el5_4.2.x86_64.rpm
    libmudflap-devel-4.1.2-46.el5_4.2.i386.rpm
    libmudflap-devel-4.1.2-46.el5_4.2.x86_64.rpm
    libobjc-4.1.2-46.el5_4.2.i386.rpm
    libobjc-4.1.2-46.el5_4.2.x86_64.rpm
    libstdc++-4.1.2-46.el5_4.2.i386.rpm
    libstdc++-4.1.2-46.el5_4.2.x86_64.rpm
    libstdc++-devel-4.1.2-46.el5_4.2.i386.rpm
    libstdc++-devel-4.1.2-46.el5_4.2.x86_64.rpm
  Dependencies for SL 5.0, 5.1, 5.2 and 5.3:
    gcc44-4.4.0-6.el5.x86_64.rpm
    gcc44-c++-4.4.0-6.el5.x86_64.rpm
    gcc44-gfortran-4.4.0-6.el5.x86_64.rpm
    libgfortran44-4.4.0-6.el5.i386.rpm
    libgfortran44-4.4.0-6.el5.x86_64.rpm
    libgomp-4.4.0-6.el5.i386.rpm
    libgomp-4.4.0-6.el5.x86_64.rpm
    libstdc++44-devel-4.4.0-6.el5.i386.rpm
    libstdc++44-devel-4.4.0-6.el5.x86_64.rpm

-Connie Sieh
-Troy Dawson
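
The advisory notes that running Java applications using libgcj must be restarted for the update to take effect. The following is an added example, not part of the original advisory, of one way to find processes that still map the pre-update library by looking for libgcj mappings marked "(deleted)" in /proc/<pid>/maps. The function names, the sample maps text and the library file name in it are constructed for illustration.

```python
import os
import re

# A /proc/<pid>/maps line: address perms offset dev inode pathname.
# The kernel appends " (deleted)" to the pathname once the mapped file
# has been unlinked, which is what a package upgrade does to the old library.
MAPS_LINE = re.compile(r"^\S+\s+\S+\s+\S+\s+\S+\s+\d+\s+(?P<path>/.*)$")
DELETED = " (deleted)"

def stale_libs(maps_text, name="libgcj"):
    """Return sorted paths of deleted-but-still-mapped libraries whose
    file name starts with `name`."""
    stale = set()
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line)
        if not m:
            continue  # anonymous mappings, [heap], [stack], ...
        path = m.group("path")
        if path.endswith(DELETED):
            path = path[: -len(DELETED)]
            if os.path.basename(path).startswith(name):
                stale.add(path)
    return sorted(stale)

def scan_proc(proc="/proc", name="libgcj"):
    """Map pid -> stale library paths for every readable process."""
    result = {}
    for entry in os.listdir(proc):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc, entry, "maps")) as fh:
                found = stale_libs(fh.read(), name)
        except OSError:
            continue  # process exited or we lack permission to read it
        if found:
            result[int(entry)] = found
    return result

# Constructed sample (not captured from a real system).
SAMPLE_MAPS = """\
00400000-0040b000 r-xp 00000000 fd:00 131 /usr/bin/gij
3a1c000000-3a1d2f1000 r-xp 00000000 fd:00 4711 /usr/lib64/libgcj.so.7.0.0 (deleted)
3a1d2f1000-3a1d4f0000 ---p 012f1000 fd:00 4711 /usr/lib64/libgcj.so.7.0.0 (deleted)
3a20000000-3a2000d000 r-xp 00000000 fd:00 4720 /lib64/libgcc_s.so.1
7fff5c1fe000-7fff5c213000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    for pid, libs in sorted(scan_proc().items()):
        print(pid, ", ".join(libs))
```

Run as root so that the maps files of other users' processes are readable; any PID it prints is still executing the old libgcj and needs a restart.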