ESB-2018.0530 - [Debian] gcc-6: Access Privileged Data - Existing Account 2018-02-23

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.0530
                gcc-6 adds support for improved Spectre fix
                             23 February 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           gcc-6
Publisher:         Debian
Operating System:  Debian GNU/Linux 9
Impact/Access:     Access Privileged Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-5715  

Reference:         ESB-2018.0042.2

Original Bulletin: 
   http://www.debian.org/security/2018/dsa-4121

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4121-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
February 22, 2018                     https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : gcc-6
CVE ID         : not applicable

This update doesn't fix a vulnerability in GCC itself, but instead
provides support for building retpoline-enabled Linux kernel updates.

For the stable distribution (stretch), this problem has been fixed in
version 6.3.0-18+deb9u1.

We recommend that you upgrade your gcc-6 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlqO1SdfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0RM4A//XKsO1h7s5VslFDHmQuoOQ2zJvmvschCZe8HC/du52Vdk0dAishtAwIRE
JTUU7vwSCTyoKzYmu855Db/ET7+Tp5eVa7SZ7JaGyr8J8oO831DY5Zd/KXwOfWiJ
TWubcbBw3hBNtMH00fmKyJLsNUzqPCUpncLY/YeEsKFIicbpPk329j5Wjgp65kvZ
Gtavkw7v9KPQPFYoeHALNnKK1JYwE4jAIRu374KAZ03TOGNHDd5t4co3mIpqtsml
xdyoq03MkBHHcawsstIPovW/Qow3SQ5BxR/NUGMUpd2x+gQWBXLRspvvwgAiTdIy
sl/Sc+i4cbhlkinsWw3J45YHDDAbVlY7vxn+mJkuEhiqHGfUVttQmLJa7xfjqYJ2
0WfVjCFP0L+5WujPGBh5sKK/DV2hlDeThd2U2SbyHNDnSEVQRDkY8jCOdWrVzXGi
0IOytIvIAIFwETWbCw3+BCBn3RxYT8//RXPzrxXyw+JJDQSGOgCJl2MFXTbtgFBb
I46q2UXdlfBPjkHOydj6gnUs/lAg/tq/7rOhUlJ7prgr7Xneucc5leoazgxBzv5c
tysKf9C5VF9WwZXIS+0FWBwTwePOlw11VzJlmrBmmhxUzPgImLqJYUVCZxde15r+
zt1QwsTwzSEfOR7OgpbqHy9a7w1gwq/Jyz6lA+Pe1rPKZYhWeic=
=Y5Pp
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWo95vox+lLeg9Ub1AQjWGA//ewf62A8WJxVg50NsmPHZgB37JK3K577Y
uDPxXDbmr68hfiEpR76QaYw4ywWojwX81DBHi+gpbTR1hxUYzoEZD5O/WixqbjD0
veBUoYQTwrWzeIU/ldCmJhRLqrCjtyouC5UPlIEnAIUQAQ0drP+q2uBqwllCvJBU
+EbnW7iYnle+s3JlIQHDEIchb97xthfkHx2lk76MQKnI6LUFw4MnDMFDMcsZHRtd
mro0mjDvH9COPxx20rCI1RFp8vTMiyFFO6j1FcCaPRCQfEnX4BNiH45/tSFqeDAp
phClvXwSaND4U1JhTUPaJTVNxjbHU2U0cRjwsviIKcnAJWik3njyWui9b0yzFblp
v1LPrbdtZz/aLyQ0ZTdXtW7jXJ6H4klsHnIjsja68IHfWpmKZmvApX+CytJgrstI
sXK4OOH3O5lnGk2DDYsZnUf8vOlJC7jtUD4fS/bBsYHeGmmX70+h4drNnCeEALt/
26iUH50Q9FMZC5Zr3n4ZecVpOC/goFAlgDLPYlGFLwVPq7zWgd5DURAe504EuCeT
vJUUxPmOg+k5vllAv7RKIptDgOc+m8cnTU33fCUus8lnQMfl08eys6K2VEwCaIyB
MHC1l3q1Ejv/j5LsOp2Se8yi35Kys3r8B9MlpeoTIMNXqCTyW4jlaUgUXxl86xkj
zvqqAujROv0=
=JweS
-----END PGP SIGNATURE-----

« Back to bulletins