157 matches found
OESA-2023-1735 gcc security update
The gcc package contains the GNU Compiler Collection version 10. You'll need this package in order to compile C code. Security Fixes: A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-siz...
CBL Mariner 2.0 Security Update: gcc (CVE-2023-4039)
The version of gcc installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-4039 advisory. - DISPUTEDA failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacke...
SUSE SLED15 / SLES15 Security Update : gcc7 (SUSE-SU-2023:3686-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3686-1 advisory. - A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit ...
SUSE-SU-2023:3686-1 Security update for gcc7
This update for gcc7 fixes the following issues: Security issue fixed: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 bsc1214052. Other fixes: - Fixed KASAN kernel compile. bsc1205145 - Fixed ICE with C++17 code as reported in bsc1204505 - Fixed altivec.h redefining bool...
SUSE: Security Advisory (SUSE-SU-2023:3640-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2023:3662-1 Security update for gcc7
This update for gcc7 fixes the following issues: Security issues fixed: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 bsc1214052. - CVE-2019-15847: Fixed POWER9 DARN miscompilation. bsc1149145 - CVE-2019-14250: Includes fix for LTO linker plugin heap overflow. bsc114264...
SUSE-SU-2023:3661-1 Security update for gcc12
This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 bsc1214052...
SUSE-SU-2023:3640-1 Security update for gcc12
This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 bsc1214052...
GCC's-fstack-protector fails to guard dynamically-sized local variables on AArch64
...
SUSE CVE-2023-4039
DISPUTEDA failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style...
DEBIAN-CVE-2023-4039
DISPUTEDA failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style...
ALPINE-CVE-2023-4039
DISPUTEDA failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style...
AZL-34695 CVE-2023-4039 affecting package gcc for versions less than 13.2.0-7
DISPUTEDA failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style...
AZL-28769 CVE-2023-4039 affecting package gcc for versions less than 11.2.0-6
DISPUTEDA failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style...
Design/Logic Flaw
DISPUTEDA failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style...
CVE-2023-4039 GCC's-fstack-protector fails to guard dynamically-sized local variables on AArch64
DISPUTEDA failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style...
CVE-2023-4039
CVE-2023-4039 describes a GCC stack-protector issue on AArch64: failure of -fstack-protector to detect buffer overflows in C99-style dynamically-sized locals/alloca, unlike static locals. The default overflow handling would terminate the process, but an attacker might influence control flow if an...
CVE-2023-4039
DISPUTEDA failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style...
CVE-2023-4039
DISPUTEDA failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style...
Amazon Linux 2 : gcc (ALAS-2023-2245)
The version of gcc installed on the remote host is prior to 7.3.1-17. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2245 advisory. 2023-09-13: The severity of this advisory was corrected from low to medium. An issue was found in a defense in depth feature of the GC...