Oval Definition:oval:com.redhat.rhsa:def:20100039
Revision Date:2010-01-13Version:642
Title:RHSA-2010:0039: gcc and gcc4 security update (Moderate)
Description:The gcc and gcc4 packages include, among others, C, C++, and Java GNU compilers and related support libraries. libgcj contains a copy of GNU Libtool's libltdl library.

  • A flaw was found in the way GNU Libtool's libltdl library looked for libraries to load. It was possible for libltdl to load a malicious library from the current working directory. In certain configurations, if a local attacker is able to trick a local user into running a Java application (which uses a function to load native libraries, such as System.loadLibrary) from within an attacker-controlled directory containing a malicious library or module, the attacker could possibly execute arbitrary code with the privileges of the user running the Java application. (CVE-2009-3736)

    All gcc and gcc4 users should upgrade to these updated packages, which contain a backported patch to correct this issue. All running Java applications using libgcj must be restarted for this update to take effect.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2009-3736
    RHSA-2010:0039
    RHSA-2010:0039-01
    RHSA-2010:0039-01
    Platform(s):Red Hat Enterprise Linux 3
    Red Hat Enterprise Linux 4
    Red Hat Enterprise Linux 5
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 3 is installed
  • AND
  • gcc-objc is earlier than 0:3.2.3-60
  • AND gcc-objc is signed with Red Hat master key
  • gcc-c++ is earlier than 0:3.2.3-60
  • AND gcc-c++ is signed with Red Hat master key
  • libgcj is earlier than 0:3.2.3-60
  • AND libgcj is signed with Red Hat master key
  • libgnat is earlier than 0:3.2.3-60
  • AND libgnat is signed with Red Hat master key
  • libobjc is earlier than 0:3.2.3-60
  • AND libobjc is signed with Red Hat master key
  • libf2c is earlier than 0:3.2.3-60
  • AND libf2c is signed with Red Hat master key
  • gcc is earlier than 0:3.2.3-60
  • AND gcc is signed with Red Hat master key
  • gcc-java is earlier than 0:3.2.3-60
  • AND gcc-java is signed with Red Hat master key
  • gcc-g77 is earlier than 0:3.2.3-60
  • AND gcc-g77 is signed with Red Hat master key
  • libgcj-devel is earlier than 0:3.2.3-60
  • AND libgcj-devel is signed with Red Hat master key
  • libstdc++-devel is earlier than 0:3.2.3-60
  • AND libstdc++-devel is signed with Red Hat master key
  • libgcc is earlier than 0:3.2.3-60
  • AND libgcc is signed with Red Hat master key
  • cpp is earlier than 0:3.2.3-60
  • AND cpp is signed with Red Hat master key
  • gcc-gnat is earlier than 0:3.2.3-60
  • AND gcc-gnat is signed with Red Hat master key
  • libstdc++ is earlier than 0:3.2.3-60
  • AND libstdc++ is signed with Red Hat master key
  • gcc-c++-ppc32 is earlier than 0:3.2.3-60
  • AND gcc-c++-ppc32 is signed with Red Hat master key
  • gcc-ppc32 is earlier than 0:3.2.3-60
  • AND gcc-ppc32 is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • libgfortran is earlier than 0:4.1.2-44.EL4_8.1
  • AND libgfortran is signed with Red Hat master key
  • libgcj4-src is earlier than 0:4.1.2-44.EL4_8.1
  • AND libgcj4-src is signed with Red Hat master key
  • gcc4-java is earlier than 0:4.1.2-44.EL4_8.1
  • AND gcc4-java is signed with Red Hat master key
  • libgcj4 is earlier than 0:4.1.2-44.EL4_8.1
  • AND libgcj4 is signed with Red Hat master key
  • libgomp is earlier than 0:4.1.2-44.EL4_8.1
  • AND libgomp is signed with Red Hat master key
  • libmudflap is earlier than 0:4.1.2-44.EL4_8.1
  • AND libmudflap is signed with Red Hat master key
  • gcc4-gfortran is earlier than 0:4.1.2-44.EL4_8.1
  • AND gcc4-gfortran is signed with Red Hat master key
  • gcc4 is earlier than 0:4.1.2-44.EL4_8.1
  • AND gcc4 is signed with Red Hat master key
  • libmudflap-devel is earlier than 0:4.1.2-44.EL4_8.1
  • AND libmudflap-devel is signed with Red Hat master key
  • gcc4-c++ is earlier than 0:4.1.2-44.EL4_8.1
  • AND gcc4-c++ is signed with Red Hat master key
  • libgcj4-devel is earlier than 0:4.1.2-44.EL4_8.1
  • AND libgcj4-devel is signed with Red Hat master key
  • libgcj-devel is earlier than 0:3.4.6-11.el4_8.1
  • AND libgcj-devel is signed with Red Hat master key
  • libgnat is earlier than 0:3.4.6-11.el4_8.1
  • AND libgnat is signed with Red Hat master key
  • gcc-gnat is earlier than 0:3.4.6-11.el4_8.1
  • AND gcc-gnat is signed with Red Hat master key
  • libstdc++ is earlier than 0:3.4.6-11.el4_8.1
  • AND libstdc++ is signed with Red Hat master key
  • libobjc is earlier than 0:3.4.6-11.el4_8.1
  • AND libobjc is signed with Red Hat master key
  • cpp is earlier than 0:3.4.6-11.el4_8.1
  • AND cpp is signed with Red Hat master key
  • gcc-objc is earlier than 0:3.4.6-11.el4_8.1
  • AND gcc-objc is signed with Red Hat master key
  • libf2c is earlier than 0:3.4.6-11.el4_8.1
  • AND libf2c is signed with Red Hat master key
  • gcc-java is earlier than 0:3.4.6-11.el4_8.1
  • AND gcc-java is signed with Red Hat master key
  • libgcj is earlier than 0:3.4.6-11.el4_8.1
  • AND libgcj is signed with Red Hat master key
  • gcc is earlier than 0:3.4.6-11.el4_8.1
  • AND gcc is signed with Red Hat master key
  • gcc-c++ is earlier than 0:3.4.6-11.el4_8.1
  • AND gcc-c++ is signed with Red Hat master key
  • gcc-g77 is earlier than 0:3.4.6-11.el4_8.1
  • AND gcc-g77 is signed with Red Hat master key
  • libstdc++-devel is earlier than 0:3.4.6-11.el4_8.1
  • AND libstdc++-devel is signed with Red Hat master key
  • libgcc is earlier than 0:3.4.6-11.el4_8.1
  • AND libgcc is signed with Red Hat master key
  • gcc-c++-ppc32 is earlier than 0:3.4.6-11.el4_8.1
  • AND gcc-c++-ppc32 is signed with Red Hat master key
  • gcc-ppc32 is earlier than 0:3.4.6-11.el4_8.1
  • AND gcc-ppc32 is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • libstdc++-devel is earlier than 0:4.1.2-46.el5_4.2
  • AND libstdc++-devel is signed with Red Hat redhatrelease key
  • libstdc++ is earlier than 0:4.1.2-46.el5_4.2
  • AND libstdc++ is signed with Red Hat redhatrelease key
  • libmudflap-devel is earlier than 0:4.1.2-46.el5_4.2
  • AND libmudflap-devel is signed with Red Hat redhatrelease key
  • libobjc is earlier than 0:4.1.2-46.el5_4.2
  • AND libobjc is signed with Red Hat redhatrelease key
  • libgnat is earlier than 0:4.1.2-46.el5_4.2
  • AND libgnat is signed with Red Hat redhatrelease key
  • gcc-gnat is earlier than 0:4.1.2-46.el5_4.2
  • AND gcc-gnat is signed with Red Hat redhatrelease key
  • gcc-objc++ is earlier than 0:4.1.2-46.el5_4.2
  • AND gcc-objc++ is signed with Red Hat redhatrelease key
  • gcc-objc is earlier than 0:4.1.2-46.el5_4.2
  • AND gcc-objc is signed with Red Hat redhatrelease key
  • gcc-java is earlier than 0:4.1.2-46.el5_4.2
  • AND gcc-java is signed with Red Hat redhatrelease key
  • libgcj is earlier than 0:4.1.2-46.el5_4.2
  • AND libgcj is signed with Red Hat redhatrelease key
  • cpp is earlier than 0:4.1.2-46.el5_4.2
  • AND cpp is signed with Red Hat redhatrelease key
  • libgcj-src is earlier than 0:4.1.2-46.el5_4.2
  • AND libgcj-src is signed with Red Hat redhatrelease key
  • libmudflap is earlier than 0:4.1.2-46.el5_4.2
  • AND libmudflap is signed with Red Hat redhatrelease key
  • libgcc is earlier than 0:4.1.2-46.el5_4.2
  • AND libgcc is signed with Red Hat redhatrelease key
  • libgcj-devel is earlier than 0:4.1.2-46.el5_4.2
  • AND libgcj-devel is signed with Red Hat redhatrelease key
  • gcc is earlier than 0:4.1.2-46.el5_4.2
  • AND gcc is signed with Red Hat redhatrelease key
  • libgfortran is earlier than 0:4.1.2-46.el5_4.2
  • AND libgfortran is signed with Red Hat redhatrelease key
  • gcc-c++ is earlier than 0:4.1.2-46.el5_4.2
  • AND gcc-c++ is signed with Red Hat redhatrelease key
  • gcc-gfortran is earlier than 0:4.1.2-46.el5_4.2
  • AND gcc-gfortran is signed with Red Hat redhatrelease key
    • Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • gcc4 is earlier than 0:4.1.2-44.EL4_8.1
  • AND gcc4 is signed with Red Hat redhatrelease2 key
  • gcc4-c++ is earlier than 0:4.1.2-44.EL4_8.1
  • AND gcc4-c++ is signed with Red Hat redhatrelease2 key
  • gcc4-gfortran is earlier than 0:4.1.2-44.EL4_8.1
  • AND gcc4-gfortran is signed with Red Hat redhatrelease2 key
  • gcc4-java is earlier than 0:4.1.2-44.EL4_8.1
  • AND gcc4-java is signed with Red Hat redhatrelease2 key
  • libgcj4 is earlier than 0:4.1.2-44.EL4_8.1
  • AND libgcj4 is signed with Red Hat redhatrelease2 key
  • libgcj4-devel is earlier than 0:4.1.2-44.EL4_8.1
  • AND libgcj4-devel is signed with Red Hat redhatrelease2 key
  • libgcj4-src is earlier than 0:4.1.2-44.EL4_8.1
  • AND libgcj4-src is signed with Red Hat redhatrelease2 key
  • libgfortran is earlier than 0:4.1.2-44.EL4_8.1
  • AND libgfortran is signed with Red Hat redhatrelease2 key
  • libgomp is earlier than 0:4.1.2-44.EL4_8.1
  • AND libgomp is signed with Red Hat redhatrelease2 key
  • libmudflap is earlier than 0:4.1.2-44.EL4_8.1
  • AND libmudflap is signed with Red Hat redhatrelease2 key
  • libmudflap-devel is earlier than 0:4.1.2-44.EL4_8.1
  • AND libmudflap-devel is signed with Red Hat redhatrelease2 key
  • cpp is earlier than 0:3.4.6-11.el4_8.1
  • AND cpp is signed with Red Hat redhatrelease2 key
  • gcc is earlier than 0:3.4.6-11.el4_8.1
  • AND gcc is signed with Red Hat redhatrelease2 key
  • gcc-c++ is earlier than 0:3.4.6-11.el4_8.1
  • AND gcc-c++ is signed with Red Hat redhatrelease2 key
  • gcc-c++-ppc32 is earlier than 0:3.4.6-11.el4_8.1
  • AND gcc-c++-ppc32 is signed with Red Hat redhatrelease2 key
  • gcc-g77 is earlier than 0:3.4.6-11.el4_8.1
  • AND gcc-g77 is signed with Red Hat redhatrelease2 key
  • gcc-gnat is earlier than 0:3.4.6-11.el4_8.1
  • AND gcc-gnat is signed with Red Hat redhatrelease2 key
  • gcc-java is earlier than 0:3.4.6-11.el4_8.1
  • AND gcc-java is signed with Red Hat redhatrelease2 key
  • gcc-objc is earlier than 0:3.4.6-11.el4_8.1
  • AND gcc-objc is signed with Red Hat redhatrelease2 key
  • gcc-ppc32 is earlier than 0:3.4.6-11.el4_8.1
  • AND gcc-ppc32 is signed with Red Hat redhatrelease2 key
  • libf2c is earlier than 0:3.4.6-11.el4_8.1
  • AND libf2c is signed with Red Hat redhatrelease2 key
  • libgcc is earlier than 0:3.4.6-11.el4_8.1
  • AND libgcc is signed with Red Hat redhatrelease2 key
  • libgcj is earlier than 0:3.4.6-11.el4_8.1
  • AND libgcj is signed with Red Hat redhatrelease2 key
  • libgcj-devel is earlier than 0:3.4.6-11.el4_8.1
  • AND libgcj-devel is signed with Red Hat redhatrelease2 key
  • libgnat is earlier than 0:3.4.6-11.el4_8.1
  • AND libgnat is signed with Red Hat redhatrelease2 key
  • libobjc is earlier than 0:3.4.6-11.el4_8.1
  • AND libobjc is signed with Red Hat redhatrelease2 key
  • libstdc++ is earlier than 0:3.4.6-11.el4_8.1
  • AND libstdc++ is signed with Red Hat redhatrelease2 key
  • libstdc++-devel is earlier than 0:3.4.6-11.el4_8.1
  • AND libstdc++-devel is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • cpp is earlier than 0:4.1.2-46.el5_4.2
  • AND cpp is signed with Red Hat redhatrelease2 key
  • gcc is earlier than 0:4.1.2-46.el5_4.2
  • AND gcc is signed with Red Hat redhatrelease2 key
  • gcc-c++ is earlier than 0:4.1.2-46.el5_4.2
  • AND gcc-c++ is signed with Red Hat redhatrelease2 key
  • gcc-gfortran is earlier than 0:4.1.2-46.el5_4.2
  • AND gcc-gfortran is signed with Red Hat redhatrelease2 key
  • gcc-gnat is earlier than 0:4.1.2-46.el5_4.2
  • AND gcc-gnat is signed with Red Hat redhatrelease2 key
  • gcc-java is earlier than 0:4.1.2-46.el5_4.2
  • AND gcc-java is signed with Red Hat redhatrelease2 key
  • gcc-objc is earlier than 0:4.1.2-46.el5_4.2
  • AND gcc-objc is signed with Red Hat redhatrelease2 key
  • gcc-objc++ is earlier than 0:4.1.2-46.el5_4.2
  • AND gcc-objc++ is signed with Red Hat redhatrelease2 key
  • libgcc is earlier than 0:4.1.2-46.el5_4.2
  • AND libgcc is signed with Red Hat redhatrelease2 key
  • libgcj is earlier than 0:4.1.2-46.el5_4.2
  • AND libgcj is signed with Red Hat redhatrelease2 key
  • libgcj-devel is earlier than 0:4.1.2-46.el5_4.2
  • AND libgcj-devel is signed with Red Hat redhatrelease2 key
  • libgcj-src is earlier than 0:4.1.2-46.el5_4.2
  • AND libgcj-src is signed with Red Hat redhatrelease2 key
  • libgfortran is earlier than 0:4.1.2-46.el5_4.2
  • AND libgfortran is signed with Red Hat redhatrelease2 key
  • libgnat is earlier than 0:4.1.2-46.el5_4.2
  • AND libgnat is signed with Red Hat redhatrelease2 key
  • libmudflap is earlier than 0:4.1.2-46.el5_4.2
  • AND libmudflap is signed with Red Hat redhatrelease2 key
  • libmudflap-devel is earlier than 0:4.1.2-46.el5_4.2
  • AND libmudflap-devel is signed with Red Hat redhatrelease2 key
  • libobjc is earlier than 0:4.1.2-46.el5_4.2
  • AND libobjc is signed with Red Hat redhatrelease2 key
  • libstdc++ is earlier than 0:4.1.2-46.el5_4.2
  • AND libstdc++ is signed with Red Hat redhatrelease2 key
  • libstdc++-devel is earlier than 0:4.1.2-46.el5_4.2
  • AND libstdc++-devel is signed with Red Hat redhatrelease2 key
    • BACK