ALAS2-2023-2244

Amazon Linux 2 Security Advisory: ALAS-2023-2244
Advisory Release Date: 2023-09-08 19:46 Pacific
Advisory Updated Date: 2023-09-13 16:34 Pacific

Severity: Medium

References: CVE-2023-4039
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

2023-09-13: The severity of this advisory was corrected from low to medium.

An issue was found in a defense in depth feature of the GCC compiler on aarch64 platforms. The stack protector feature (-fstack-protector) did not detect or defend against overflows of dynamically-sized local variables. This update to the GCC compiler remedies code generation for this defense in depth feature, ensuring it is working as intended.
Customers building their own binaries with GCC are advised to update their compiler, and to ensure they are enabling the defense in depth options available to them, such as the stack protector. (CVE-2023-4039)

Affected Packages:

gcc10

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update gcc10 to update your system.

New Packages:

aarch64:
    gcc10-10.5.0-1.amzn2.0.2.aarch64
    gcc10-c++-10.5.0-1.amzn2.0.2.aarch64
    libstdc++10-devel-10.5.0-1.amzn2.0.2.aarch64
    libstdc++10-docs-10.5.0-1.amzn2.0.2.aarch64
    gcc10-gfortran-10.5.0-1.amzn2.0.2.aarch64
    libgfortran10-10.5.0-1.amzn2.0.2.aarch64
    gcc10-gdb-plugin-10.5.0-1.amzn2.0.2.aarch64
    libitm10-devel-10.5.0-1.amzn2.0.2.aarch64
    libatomic10-devel-10.5.0-1.amzn2.0.2.aarch64
    libasan10-10.5.0-1.amzn2.0.2.aarch64
    libasan10-devel-10.5.0-1.amzn2.0.2.aarch64
    cpp10-10.5.0-1.amzn2.0.2.aarch64
    gcc10-plugin-devel-10.5.0-1.amzn2.0.2.aarch64
    gcc10-debuginfo-10.5.0-1.amzn2.0.2.aarch64

i686:
    gcc10-10.5.0-1.amzn2.0.2.i686
    gcc10-c++-10.5.0-1.amzn2.0.2.i686
    libstdc++10-devel-10.5.0-1.amzn2.0.2.i686
    libstdc++10-docs-10.5.0-1.amzn2.0.2.i686
    gcc10-gfortran-10.5.0-1.amzn2.0.2.i686
    libgfortran10-10.5.0-1.amzn2.0.2.i686
    gcc10-gdb-plugin-10.5.0-1.amzn2.0.2.i686
    libquadmath10-devel-10.5.0-1.amzn2.0.2.i686
    libitm10-devel-10.5.0-1.amzn2.0.2.i686
    libatomic10-devel-10.5.0-1.amzn2.0.2.i686
    libasan10-10.5.0-1.amzn2.0.2.i686
    libasan10-devel-10.5.0-1.amzn2.0.2.i686
    cpp10-10.5.0-1.amzn2.0.2.i686
    gcc10-plugin-devel-10.5.0-1.amzn2.0.2.i686
    gcc10-debuginfo-10.5.0-1.amzn2.0.2.i686

src:
    gcc10-10.5.0-1.amzn2.0.2.src

x86_64:
    gcc10-10.5.0-1.amzn2.0.2.x86_64
    gcc10-c++-10.5.0-1.amzn2.0.2.x86_64
    libstdc++10-devel-10.5.0-1.amzn2.0.2.x86_64
    libstdc++10-docs-10.5.0-1.amzn2.0.2.x86_64
    gcc10-gfortran-10.5.0-1.amzn2.0.2.x86_64
    libgfortran10-10.5.0-1.amzn2.0.2.x86_64
    gcc10-gdb-plugin-10.5.0-1.amzn2.0.2.x86_64
    libquadmath10-devel-10.5.0-1.amzn2.0.2.x86_64
    libitm10-devel-10.5.0-1.amzn2.0.2.x86_64
    libatomic10-devel-10.5.0-1.amzn2.0.2.x86_64
    libasan10-10.5.0-1.amzn2.0.2.x86_64
    libasan10-devel-10.5.0-1.amzn2.0.2.x86_64
    cpp10-10.5.0-1.amzn2.0.2.x86_64
    gcc10-plugin-devel-10.5.0-1.amzn2.0.2.x86_64
    gcc10-debuginfo-10.5.0-1.amzn2.0.2.x86_64

Additional References

Red Hat: CVE-2023-4039

Mitre: CVE-2023-4039

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

ALAS2-2023-2244

Additional References