Security update for gcc7

Announcement ID:	SUSE-SU-2023:3662-1
Rating:	important
References:	bsc#1071995 bsc#1084842 bsc#1114592 bsc#1124644 bsc#1128794 bsc#1129389 bsc#1131264 bsc#1141897 bsc#1142649 bsc#1146475 bsc#1148517 bsc#1149145 bsc#1150164 bsc#1160086 bsc#1161913 bsc#1167939 bsc#1172798 bsc#1178577 bsc#1178614 bsc#1178624 bsc#1178675 bsc#1181618 bsc#1195517 bsc#1196861 bsc#1204505 bsc#1205145 bsc#1214052 jsc#SLE-12209 jsc#SLE-6738
Cross-References:	CVE-2019-14250 CVE-2019-15847 CVE-2020-13844 CVE-2023-4039
CVSS scores:	CVE-2019-14250 ( SUSE ): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2019-14250 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-14250 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2019-15847 ( SUSE ): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2019-15847 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2019-15847 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2020-13844 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2020-13844 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2023-4039 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2023-4039 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected Products:	SUSE Linux Enterprise High Performance Computing 12 SP2 SUSE Linux Enterprise High Performance Computing 12 SP3 SUSE Linux Enterprise High Performance Computing 12 SP4 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 Toolchain Module 12

An update that solves four vulnerabilities, contains two features and has 23 security fixes can now be installed.

Description:

This update for gcc7 fixes the following issues:

Security issues fixed:

• CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052).
• CVE-2019-15847: Fixed POWER9 DARN miscompilation. (bsc#1149145)
• CVE-2019-14250: Includes fix for LTO linker plugin heap overflow. (bsc#1142649)

Update to GCC 7.5.0 release.

Other changes:

• Fixed KASAN kernel compile. (bsc#1205145)
• Fixed ICE with C++17 code. (bsc#1204505)
• Fixed altivec.h redefining bool in C++ which makes bool unusable (bsc#1195517):
• Adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861]
• Do not handle exceptions in std::thread (jsc#CAR-1182)
• add -fpatchable-function-entry feature to gcc-7.
• Fixed glibc namespace violation with getauxval. (bsc#1167939)
• Backport aarch64 Straight Line Speculation mitigation [bsc#1172798, CVE-2020-13844]
• Enable fortran for the nvptx offload compiler.
• Update README.First-for.SuSE.packagers
• Avoid assembler errors with AVX512 gather and scatter instructions when using -masm=intel.
• Backport the aarch64 -moutline-atomics feature and accumulated fixes but not its default enabling. (jsc#SLE-12209, bsc#1167939)
• Fixed memcpy miscompilation on aarch64. (bsc#1178624, bsc#1178577)
• Fixed debug line info for try/catch. (bsc#1178614)
• Fixed corruption of pass private ->aux via DF. (gcc#94148)
• Fixed debug information issue with inlined functions and passed by reference arguments. [gcc#93888]
• Fixed register allocation issue with exception handling code on s390x. (bsc#1161913)
• Backport PR target/92692 to fix miscompilation of some atomic code on aarch64. (bsc#1150164)
• Fixed miscompilation in vectorized code for s390x. (bsc#1160086) [gcc#92950]
• Fixed miscompilation with thread-safe local static initialization. [gcc#85887]
• Fixed debug info created for array definitions that complete an earlier declaration. [bsc#1146475]
• Fixed vector shift miscompilation on s390. (bsc#1141897)
• Add gcc7 -flive-patching patch. [bsc#1071995, fate#323487]
• Strip -flto from $optflags.
• Disables switch jump-tables when retpolines are used. (bsc#1131264, jsc#SLE-6738)
• Fixed ICE compiling tensorflow on aarch64. (bsc#1129389)
• Fixed for aarch64 FMA steering pass use-after-free. (bsc#1128794)
• Fixed ICE compiling tensorflow. (bsc#1129389)
• Fixed s390x FP load-and-test issue. (bsc#1124644)
• Adjust gnat manual entries in the info directory. (bsc#1114592)
• Fixed to no longer try linking -lieee with -mieee-fp. (bsc#1084842)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• Toolchain Module 12
  zypper in -t patch SUSE-SLE-Module-Toolchain-12-2023-3662=1
• SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3662=1
• SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3662=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3662=1

Package List:

• Toolchain Module 12 (aarch64 ppc64le s390x x86_64)
  • gcc7-c++-debuginfo-7.5.0+r278197-13.1
  • gcc7-locale-7.5.0+r278197-13.1
  • gcc7-7.5.0+r278197-13.1
  • cpp7-debuginfo-7.5.0+r278197-13.1
  • gcc7-c++-7.5.0+r278197-13.1
  • gcc7-debuginfo-7.5.0+r278197-13.1
  • gcc7-fortran-7.5.0+r278197-13.1
  • cpp7-7.5.0+r278197-13.1
  • gcc7-fortran-debuginfo-7.5.0+r278197-13.1
  • gcc7-debugsource-7.5.0+r278197-13.1
  • libstdc++6-devel-gcc7-7.5.0+r278197-13.1
• Toolchain Module 12 (noarch)
  • gcc7-info-7.5.0+r278197-13.1
• Toolchain Module 12 (s390x x86_64)
  • gcc7-fortran-32bit-7.5.0+r278197-13.1
  • libstdc++6-devel-gcc7-32bit-7.5.0+r278197-13.1
  • gcc7-c++-32bit-7.5.0+r278197-13.1
  • gcc7-32bit-7.5.0+r278197-13.1
• Toolchain Module 12 (x86_64)
  • gcc7-ada-7.5.0+r278197-13.1
  • libada7-32bit-7.5.0+r278197-13.1
  • libada7-32bit-debuginfo-7.5.0+r278197-13.1
  • gcc7-ada-debuginfo-7.5.0+r278197-13.1
  • cross-nvptx-newlib7-devel-7.5.0+r278197-13.1
  • libada7-7.5.0+r278197-13.1
  • gcc7-ada-32bit-7.5.0+r278197-13.1
  • libada7-debuginfo-7.5.0+r278197-13.1
  • cross-nvptx-gcc7-7.5.0+r278197-13.1
• SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  • libasan4-7.5.0+r278197-13.1
  • libubsan0-7.5.0+r278197-13.1
  • gcc7-debuginfo-7.5.0+r278197-13.1
  • libasan4-debuginfo-7.5.0+r278197-13.1
  • libgfortran4-debuginfo-7.5.0+r278197-13.1
  • libgfortran4-7.5.0+r278197-13.1
  • gcc7-debugsource-7.5.0+r278197-13.1
  • libubsan0-debuginfo-7.5.0+r278197-13.1
• SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
  • libcilkrts5-32bit-7.5.0+r278197-13.1
  • libgfortran4-32bit-7.5.0+r278197-13.1
  • libcilkrts5-7.5.0+r278197-13.1
  • libcilkrts5-debuginfo-7.5.0+r278197-13.1
  • libubsan0-32bit-7.5.0+r278197-13.1
  • libasan4-32bit-7.5.0+r278197-13.1
• SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  • libasan4-7.5.0+r278197-13.1
  • libubsan0-7.5.0+r278197-13.1
  • gcc7-debuginfo-7.5.0+r278197-13.1
  • libasan4-debuginfo-7.5.0+r278197-13.1
  • libgfortran4-debuginfo-7.5.0+r278197-13.1
  • libgfortran4-7.5.0+r278197-13.1
  • gcc7-debugsource-7.5.0+r278197-13.1
  • libubsan0-debuginfo-7.5.0+r278197-13.1
• SUSE Linux Enterprise Server 12 SP5 (s390x x86_64)
  • libubsan0-32bit-7.5.0+r278197-13.1
  • libgfortran4-32bit-7.5.0+r278197-13.1
  • libasan4-32bit-7.5.0+r278197-13.1
• SUSE Linux Enterprise Server 12 SP5 (x86_64)
  • libcilkrts5-7.5.0+r278197-13.1
  • libcilkrts5-32bit-7.5.0+r278197-13.1
  • libcilkrts5-debuginfo-7.5.0+r278197-13.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  • libasan4-7.5.0+r278197-13.1
  • libubsan0-7.5.0+r278197-13.1
  • gcc7-debuginfo-7.5.0+r278197-13.1
  • libasan4-debuginfo-7.5.0+r278197-13.1
  • libgfortran4-debuginfo-7.5.0+r278197-13.1
  • libgfortran4-7.5.0+r278197-13.1
  • gcc7-debugsource-7.5.0+r278197-13.1
  • libubsan0-debuginfo-7.5.0+r278197-13.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  • libcilkrts5-32bit-7.5.0+r278197-13.1
  • libgfortran4-32bit-7.5.0+r278197-13.1
  • libcilkrts5-7.5.0+r278197-13.1
  • libcilkrts5-debuginfo-7.5.0+r278197-13.1
  • libubsan0-32bit-7.5.0+r278197-13.1
  • libasan4-32bit-7.5.0+r278197-13.1

References:

• https://www.suse.com/security/cve/CVE-2019-14250.html
• https://www.suse.com/security/cve/CVE-2019-15847.html
• https://www.suse.com/security/cve/CVE-2020-13844.html
• https://www.suse.com/security/cve/CVE-2023-4039.html
• https://bugzilla.suse.com/show_bug.cgi?id=1071995
• https://bugzilla.suse.com/show_bug.cgi?id=1084842
• https://bugzilla.suse.com/show_bug.cgi?id=1114592
• https://bugzilla.suse.com/show_bug.cgi?id=1124644
• https://bugzilla.suse.com/show_bug.cgi?id=1128794
• https://bugzilla.suse.com/show_bug.cgi?id=1129389
• https://bugzilla.suse.com/show_bug.cgi?id=1131264
• https://bugzilla.suse.com/show_bug.cgi?id=1141897
• https://bugzilla.suse.com/show_bug.cgi?id=1142649
• https://bugzilla.suse.com/show_bug.cgi?id=1146475
• https://bugzilla.suse.com/show_bug.cgi?id=1148517
• https://bugzilla.suse.com/show_bug.cgi?id=1149145
• https://bugzilla.suse.com/show_bug.cgi?id=1150164
• https://bugzilla.suse.com/show_bug.cgi?id=1160086
• https://bugzilla.suse.com/show_bug.cgi?id=1161913
• https://bugzilla.suse.com/show_bug.cgi?id=1167939
• https://bugzilla.suse.com/show_bug.cgi?id=1172798
• https://bugzilla.suse.com/show_bug.cgi?id=1178577
• https://bugzilla.suse.com/show_bug.cgi?id=1178614
• https://bugzilla.suse.com/show_bug.cgi?id=1178624
• https://bugzilla.suse.com/show_bug.cgi?id=1178675
• https://bugzilla.suse.com/show_bug.cgi?id=1181618
• https://bugzilla.suse.com/show_bug.cgi?id=1195517
• https://bugzilla.suse.com/show_bug.cgi?id=1196861
• https://bugzilla.suse.com/show_bug.cgi?id=1204505
• https://bugzilla.suse.com/show_bug.cgi?id=1205145
• https://bugzilla.suse.com/show_bug.cgi?id=1214052
• https://jira.suse.com/browse/SLE-12209
• https://jira.suse.com/browse/SLE-6738