USN-5770-1: GCC vulnerability
8 December 2022
GNU Compiler Collection's (GCC) random number generation could be made less random with specially crafted input.
Releases
Packages
Details
Todd Eisenberger discovered that certain versions of GNU Compiler
Collection (GCC) could be made to clobber the status flag of RDRAND
and RDSEED with specially crafted input. This could potentially lead
to less randomness in random number generation.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04
-
gnat-5
-
5.4.0-6ubuntu1~16.04.12+esm2
Available with Ubuntu Pro
-
gcc-5
-
5.4.0-6ubuntu1~16.04.12+esm2
Available with Ubuntu Pro
-
gcj-5-jdk
-
5.4.0-6ubuntu1~16.04.12+esm2
Available with Ubuntu Pro
-
gccgo-6
-
6.0.1-0ubuntu1+esm1
Available with Ubuntu Pro
-
gccgo-5
-
5.4.0-6ubuntu1~16.04.12+esm2
Available with Ubuntu Pro
-
gcj-5-jre-headless
-
5.4.0-6ubuntu1~16.04.12+esm2
Available with Ubuntu Pro
-
gfortran-5
-
5.4.0-6ubuntu1~16.04.12+esm2
Available with Ubuntu Pro
-
g++-5
-
5.4.0-6ubuntu1~16.04.12+esm2
Available with Ubuntu Pro
-
gcj-5
-
5.4.0-6ubuntu1~16.04.12+esm2
Available with Ubuntu Pro
-
gdc-5
-
5.4.0-6ubuntu1~16.04.12+esm2
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.