Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS2-2023-2245

Related Vulnerabilities: CVE-2023-4039  

An issue was found in a defense in depth feature of the GCC compiler on aarch64 platforms. The stack protector feature (-fstack-protector) did not detect or defend against overflows of dynamically-sized local variables. This update to the GCC compiler remedies code generation for this defense in depth feature, ensuring it is working as intended. Customers building their own binaries with GCC are advised to update their compiler, and to ensure they are enabling the defense in depth options available to them, such as the stack protector. (CVE-2023-4039)

Source

ALAS2-2023-2245

Amazon Linux 2 Security Advisory: ALAS-2023-2245
Advisory Release Date: 2023-09-08 19:46 Pacific
Advisory Updated Date: 2023-09-13 00:58 Pacific
Severity: Low
Issue Overview:

An issue was found in a defense in depth feature of the GCC compiler on aarch64 platforms. The stack protector feature (-fstack-protector) did not detect or defend against overflows of dynamically-sized local variables. This update to the GCC compiler remedies code generation for this defense in depth feature, ensuring it is working as intended.

Customers building their own binaries with GCC are advised to update their compiler, and to ensure they are enabling the defense in depth options available to them, such as the stack protector. (CVE-2023-4039)


Affected Packages:

gcc


Issue Correction:
Run yum update gcc to update your system.

New Packages:
aarch64:
    gcc-7.3.1-17.amzn2.aarch64
    libgcc-7.3.1-17.amzn2.aarch64
    gcc-c++-7.3.1-17.amzn2.aarch64
    libstdc++-7.3.1-17.amzn2.aarch64
    libstdc++-docs-7.3.1-17.amzn2.aarch64
    gcc-objc-7.3.1-17.amzn2.aarch64
    gcc-objc++-7.3.1-17.amzn2.aarch64
    libobjc-7.3.1-17.amzn2.aarch64
    gcc-gfortran-7.3.1-17.amzn2.aarch64
    libgfortran-7.3.1-17.amzn2.aarch64
    libgomp-7.3.1-17.amzn2.aarch64
    gcc-gdb-plugin-7.3.1-17.amzn2.aarch64
    libgccjit-7.3.1-17.amzn2.aarch64
    libgccjit-devel-7.3.1-17.amzn2.aarch64
    libitm-7.3.1-17.amzn2.aarch64
    libatomic-7.3.1-17.amzn2.aarch64
    libsanitizer-7.3.1-17.amzn2.aarch64
    cpp-7.3.1-17.amzn2.aarch64
    gcc-gnat-7.3.1-17.amzn2.aarch64
    libgnat-7.3.1-17.amzn2.aarch64
    gcc-go-7.3.1-17.amzn2.aarch64
    libgo-7.3.1-17.amzn2.aarch64
    gcc-plugin-devel-7.3.1-17.amzn2.aarch64
    gcc-debuginfo-7.3.1-17.amzn2.aarch64
    gcc-base-debuginfo-7.3.1-17.amzn2.aarch64

i686:
    gcc-7.3.1-17.amzn2.i686
    libgcc-7.3.1-17.amzn2.i686
    gcc-c++-7.3.1-17.amzn2.i686
    libstdc++-7.3.1-17.amzn2.i686
    libstdc++-docs-7.3.1-17.amzn2.i686
    gcc-objc-7.3.1-17.amzn2.i686
    gcc-objc++-7.3.1-17.amzn2.i686
    libobjc-7.3.1-17.amzn2.i686
    gcc-gfortran-7.3.1-17.amzn2.i686
    libgfortran-7.3.1-17.amzn2.i686
    libgomp-7.3.1-17.amzn2.i686
    gcc-gdb-plugin-7.3.1-17.amzn2.i686
    libgccjit-7.3.1-17.amzn2.i686
    libgccjit-devel-7.3.1-17.amzn2.i686
    libquadmath-7.3.1-17.amzn2.i686
    libitm-7.3.1-17.amzn2.i686
    libatomic-7.3.1-17.amzn2.i686
    libsanitizer-7.3.1-17.amzn2.i686
    libcilkrts-7.3.1-17.amzn2.i686
    libmpx-7.3.1-17.amzn2.i686
    cpp-7.3.1-17.amzn2.i686
    gcc-gnat-7.3.1-17.amzn2.i686
    libgnat-7.3.1-17.amzn2.i686
    gcc-go-7.3.1-17.amzn2.i686
    libgo-7.3.1-17.amzn2.i686
    gcc-plugin-devel-7.3.1-17.amzn2.i686
    gcc-debuginfo-7.3.1-17.amzn2.i686
    gcc-base-debuginfo-7.3.1-17.amzn2.i686

src:
    gcc-7.3.1-17.amzn2.src

x86_64:
    gcc-7.3.1-17.amzn2.x86_64
    libgcc-7.3.1-17.amzn2.x86_64
    gcc-c++-7.3.1-17.amzn2.x86_64
    libstdc++-7.3.1-17.amzn2.x86_64
    libstdc++-docs-7.3.1-17.amzn2.x86_64
    gcc-objc-7.3.1-17.amzn2.x86_64
    gcc-objc++-7.3.1-17.amzn2.x86_64
    libobjc-7.3.1-17.amzn2.x86_64
    gcc-gfortran-7.3.1-17.amzn2.x86_64
    libgfortran-7.3.1-17.amzn2.x86_64
    libgomp-7.3.1-17.amzn2.x86_64
    gcc-gdb-plugin-7.3.1-17.amzn2.x86_64
    libgccjit-7.3.1-17.amzn2.x86_64
    libgccjit-devel-7.3.1-17.amzn2.x86_64
    libquadmath-7.3.1-17.amzn2.x86_64
    libitm-7.3.1-17.amzn2.x86_64
    libatomic-7.3.1-17.amzn2.x86_64
    libsanitizer-7.3.1-17.amzn2.x86_64
    libcilkrts-7.3.1-17.amzn2.x86_64
    libmpx-7.3.1-17.amzn2.x86_64
    cpp-7.3.1-17.amzn2.x86_64
    gcc-gnat-7.3.1-17.amzn2.x86_64
    libgnat-7.3.1-17.amzn2.x86_64
    gcc-go-7.3.1-17.amzn2.x86_64
    libgo-7.3.1-17.amzn2.x86_64
    gcc-plugin-devel-7.3.1-17.amzn2.x86_64
    gcc-debuginfo-7.3.1-17.amzn2.x86_64
    gcc-base-debuginfo-7.3.1-17.amzn2.x86_64

Additional References

Red Hat: CVE-2023-4039

Mitre: CVE-2023-4039

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started