{"schema_version":"1.7.2","id":"OESA-2025-1042","modified":"2025-01-17T14:07:14Z","published":"2025-01-17T14:07:14Z","upstream":["CVE-2023-4039"],"summary":"gcc security update","details":"The gcc package contains the GNU Compiler Collection version 12. You'll need this package in order to compile C code.\r\n\r\nSecurity Fix(es):\r\n\r\n**DISPUTED** A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables.\r\n\r\nThe default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. 
NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.\r\n\r\n\r\n\r\n\r\n\r\n(CVE-2023-4039)","affected":[{"package":{"ecosystem":"openEuler:24.03-LTS","name":"gcc","purl":"pkg:rpm/openEuler/gcc\u0026distro=openEuler-24.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"12.3.1-38.oe2403"}]}],"ecosystem_specific":{"aarch64":["cpp-12.3.1-38.oe2403.aarch64.rpm","gcc-12.3.1-38.oe2403.aarch64.rpm","gcc-c++-12.3.1-38.oe2403.aarch64.rpm","gcc-debuginfo-12.3.1-38.oe2403.aarch64.rpm","gcc-debugsource-12.3.1-38.oe2403.aarch64.rpm","gcc-gdb-plugin-12.3.1-38.oe2403.aarch64.rpm","gcc-gfortran-12.3.1-38.oe2403.aarch64.rpm","gcc-objc++-12.3.1-38.oe2403.aarch64.rpm","gcc-objc-12.3.1-38.oe2403.aarch64.rpm","gcc-plugin-devel-12.3.1-38.oe2403.aarch64.rpm","libasan-12.3.1-38.oe2403.aarch64.rpm","libasan-static-12.3.1-38.oe2403.aarch64.rpm","libatomic-12.3.1-38.oe2403.aarch64.rpm","libatomic-static-12.3.1-38.oe2403.aarch64.rpm","libgcc-12.3.1-38.oe2403.aarch64.rpm","libgccjit-12.3.1-38.oe2403.aarch64.rpm","libgccjit-devel-12.3.1-38.oe2403.aarch64.rpm","libgfortran-12.3.1-38.oe2403.aarch64.rpm","libgfortran-static-12.3.1-38.oe2403.aarch64.rpm","libgomp-12.3.1-38.oe2403.aarch64.rpm","libitm-12.3.1-38.oe2403.aarch64.rpm","libitm-devel-12.3.1-38.oe2403.aarch64.rpm","libitm-static-12.3.1-38.oe2403.aarch64.rpm","liblsan-12.3.1-38.oe2403.aarch64.rpm","liblsan-static-12.3.1-38.oe2403.aarch64.rpm","libobjc-12.3.1-38.oe2403.aarch64.rpm","libquadmath-12.3.1-38.oe2403.aarch64.rpm","libquadmath-devel-12.3.1-38.oe2403.aarch64.rpm","libquadmath-static-12.3.1-38.oe2403.aarch64.rpm","libstdc++-12.3.1-38.oe2403.aarch64.rpm","libstdc++-devel-12.3.1-38.oe2403.aarch64.rpm","libstdc++-static-12.3.1-38.oe2403.aarch64.rpm","libtsan-12.3.1-38.oe2403.aarch64.rpm","libtsan-static-12.3.1-38.oe2403.aarch64.rpm","libubsan-12.3.1-38.oe2403.aarch64.rpm","libubsan-static-12.3.1-38.oe2403.aarch64.rpm"],"src":["gcc-12.3.1-38.oe2403.src.rpm"],"x86_64
":["cpp-12.3.1-38.oe2403.x86_64.rpm","gcc-12.3.1-38.oe2403.x86_64.rpm","gcc-c++-12.3.1-38.oe2403.x86_64.rpm","gcc-debuginfo-12.3.1-38.oe2403.x86_64.rpm","gcc-debugsource-12.3.1-38.oe2403.x86_64.rpm","gcc-gdb-plugin-12.3.1-38.oe2403.x86_64.rpm","gcc-gfortran-12.3.1-38.oe2403.x86_64.rpm","gcc-objc++-12.3.1-38.oe2403.x86_64.rpm","gcc-objc-12.3.1-38.oe2403.x86_64.rpm","gcc-plugin-devel-12.3.1-38.oe2403.x86_64.rpm","libasan-12.3.1-38.oe2403.x86_64.rpm","libasan-static-12.3.1-38.oe2403.x86_64.rpm","libatomic-12.3.1-38.oe2403.x86_64.rpm","libatomic-static-12.3.1-38.oe2403.x86_64.rpm","libgcc-12.3.1-38.oe2403.x86_64.rpm","libgccjit-12.3.1-38.oe2403.x86_64.rpm","libgccjit-devel-12.3.1-38.oe2403.x86_64.rpm","libgfortran-12.3.1-38.oe2403.x86_64.rpm","libgfortran-static-12.3.1-38.oe2403.x86_64.rpm","libgomp-12.3.1-38.oe2403.x86_64.rpm","libitm-12.3.1-38.oe2403.x86_64.rpm","libitm-devel-12.3.1-38.oe2403.x86_64.rpm","libitm-static-12.3.1-38.oe2403.x86_64.rpm","liblsan-12.3.1-38.oe2403.x86_64.rpm","liblsan-static-12.3.1-38.oe2403.x86_64.rpm","libobjc-12.3.1-38.oe2403.x86_64.rpm","libquadmath-12.3.1-38.oe2403.x86_64.rpm","libquadmath-devel-12.3.1-38.oe2403.x86_64.rpm","libquadmath-static-12.3.1-38.oe2403.x86_64.rpm","libstdc++-12.3.1-38.oe2403.x86_64.rpm","libstdc++-devel-12.3.1-38.oe2403.x86_64.rpm","libstdc++-static-12.3.1-38.oe2403.x86_64.rpm","libtsan-12.3.1-38.oe2403.x86_64.rpm","libtsan-static-12.3.1-38.oe2403.x86_64.rpm","libubsan-12.3.1-38.oe2403.x86_64.rpm","libubsan-static-12.3.1-38.oe2403.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1042"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4039"}],"database_specific":{"severity":"Medium"}}