Synopsis: Low: gcc security and bug fix update Issue date: 2011-01-13 CVE Names: CVE-2010-0831 CVE-2010-2322 Two directory traversal flaws were found in the way fastjar extracted JAR archive files. If a local, unsuspecting user extracted a specially-crafted JAR file, it could cause fastjar to overwrite arbitrary files writable by the user running fastjar. (CVE-2010-0831, CVE-2010-2322) This update also fixes the following bugs: * The option -print-multi-os-directory in the gcc --help output is not in the gcc(1) man page. This update applies an upstream patch to amend this. (BZ#529659) * An internal assertion in the compiler tried to check that a C++ static data member is external which resulted in errors. This was because when the compiler optimizes C++ anonymous namespaces the declarations were no longer marked external as everything on anonymous namespaces is local to the current translation. This update corrects the assertion to resolve this issue. (BZ#503565, BZ#508735, BZ#582682) * Attempting to compile certain .cpp files could have resulted in an internal compiler error. This update resolves this issue. (BZ#527510) * PrintServiceLookup.lookupPrintServices with an appropriate DocFlavor failed to return a list of printers under gcj. This update includes a backported patch to correct this bug in the printer lookup service. (BZ#578382) * GCC would not build against xulrunner-devel-1.9.2. This update removes gcjwebplugin from the GCC RPM. (BZ#596097) * When a SystemTap generated kernel module was compiled, gcc reported an internal compiler error and gets a segmentation fault. This update applies a patch that, instead of crashing, assumes it can point to anything. (BZ#605803) * There was a performance issue with libstdc++ regarding all objects derived from or using std::streambuf because of lock contention between threads. This patch ensures reload uses the same value from _S_global for the comparison, _M_add_reference () and _M_impl member of the class. (BZ#635708) SL 5.x SRPMS: gcc-4.1.2-50.el5.src.rpm i386: cpp-4.1.2-50.el5.i386.rpm gcc-4.1.2-50.el5.i386.rpm gcc-c++-4.1.2-50.el5.i386.rpm gcc-gfortran-4.1.2-50.el5.i386.rpm gcc-gnat-4.1.2-50.el5.i386.rpm gcc-java-4.1.2-50.el5.i386.rpm gcc-objc-4.1.2-50.el5.i386.rpm gcc-objc++-4.1.2-50.el5.i386.rpm libgcc-4.1.2-50.el5.i386.rpm libgcj-4.1.2-50.el5.i386.rpm libgcj-devel-4.1.2-50.el5.i386.rpm libgcj-src-4.1.2-50.el5.i386.rpm libgfortran-4.1.2-50.el5.i386.rpm libgnat-4.1.2-50.el5.i386.rpm libmudflap-4.1.2-50.el5.i386.rpm libmudflap-devel-4.1.2-50.el5.i386.rpm libobjc-4.1.2-50.el5.i386.rpm libstdc++-4.1.2-50.el5.i386.rpm libstdc++-devel-4.1.2-50.el5.i386.rpm x86_64: cpp-4.1.2-50.el5.x86_64.rpm gcc-4.1.2-50.el5.x86_64.rpm gcc-c++-4.1.2-50.el5.x86_64.rpm gcc-gfortran-4.1.2-50.el5.x86_64.rpm gcc-gnat-4.1.2-50.el5.x86_64.rpm gcc-java-4.1.2-50.el5.x86_64.rpm gcc-objc-4.1.2-50.el5.x86_64.rpm gcc-objc++-4.1.2-50.el5.x86_64.rpm libgcc-4.1.2-50.el5.i386.rpm libgcc-4.1.2-50.el5.x86_64.rpm libgcj-4.1.2-50.el5.i386.rpm libgcj-4.1.2-50.el5.x86_64.rpm libgcj-devel-4.1.2-50.el5.i386.rpm libgcj-devel-4.1.2-50.el5.x86_64.rpm libgcj-src-4.1.2-50.el5.x86_64.rpm libgfortran-4.1.2-50.el5.i386.rpm libgfortran-4.1.2-50.el5.x86_64.rpm libgnat-4.1.2-50.el5.i386.rpm libgnat-4.1.2-50.el5.x86_64.rpm libmudflap-4.1.2-50.el5.i386.rpm libmudflap-4.1.2-50.el5.x86_64.rpm libmudflap-devel-4.1.2-50.el5.i386.rpm libmudflap-devel-4.1.2-50.el5.x86_64.rpm libobjc-4.1.2-50.el5.i386.rpm libobjc-4.1.2-50.el5.x86_64.rpm libstdc++-4.1.2-50.el5.i386.rpm libstdc++-4.1.2-50.el5.x86_64.rpm libstdc++-devel-4.1.2-50.el5.i386.rpm libstdc++-devel-4.1.2-50.el5.x86_64.rpm -Connie Sieh -Troy Dawson