ALAS2023-2023-342

Amazon Linux 2023 Security Advisory: ALAS-2023-342
Advisory Release Date: 2023-09-08 19:46 Pacific
Advisory Updated Date: 2023-09-12 22:35 Pacific
Severity: Medium
Issue Overview:

An issue was found in a defense in depth feature of the GCC compiler on aarch64 platforms. The stack protector feature (-fstack-protector) did not detect or defend against overflows of dynamically-sized local variables. This update to the GCC compiler remedies code generation for this defense in depth feature, ensuring it is working as intended.

Customers building their own binaries with GCC are advised to update their compiler, and to ensure they are enabling the defense in depth options available to them, such as the stack protector.


Affected Packages:

gcc


Issue Correction:
Run dnf update gcc --releasever 2023.1.20230912 to update your system.

New Packages:
aarch64:
    gcc-debuginfo-11.4.1-2.amzn2023.0.2.aarch64
    libstdc++-debuginfo-11.4.1-2.amzn2023.0.2.aarch64
    libubsan-11.4.1-2.amzn2023.0.2.aarch64
    gcc-gfortran-11.4.1-2.amzn2023.0.2.aarch64
    liblsan-static-11.4.1-2.amzn2023.0.2.aarch64
    libubsan-debuginfo-11.4.1-2.amzn2023.0.2.aarch64
    gcc-c++-debuginfo-11.4.1-2.amzn2023.0.2.aarch64
    libgomp-11.4.1-2.amzn2023.0.2.aarch64
    gcc-11.4.1-2.amzn2023.0.2.aarch64
    cpp-debuginfo-11.4.1-2.amzn2023.0.2.aarch64
    libstdc++-11.4.1-2.amzn2023.0.2.aarch64
    libatomic-static-11.4.1-2.amzn2023.0.2.aarch64
    libgfortran-11.4.1-2.amzn2023.0.2.aarch64
    libgccjit-11.4.1-2.amzn2023.0.2.aarch64
    libstdc++-devel-11.4.1-2.amzn2023.0.2.aarch64
    libtsan-11.4.1-2.amzn2023.0.2.aarch64
    gcc-gdb-plugin-11.4.1-2.amzn2023.0.2.aarch64
    libasan-debuginfo-11.4.1-2.amzn2023.0.2.aarch64
    libstdc++-static-11.4.1-2.amzn2023.0.2.aarch64
    gcc-plugin-devel-debuginfo-11.4.1-2.amzn2023.0.2.aarch64
    libasan-static-11.4.1-2.amzn2023.0.2.aarch64
    libubsan-static-11.4.1-2.amzn2023.0.2.aarch64
    liblsan-11.4.1-2.amzn2023.0.2.aarch64
    libgcc-debuginfo-11.4.1-2.amzn2023.0.2.aarch64
    libgfortran-static-11.4.1-2.amzn2023.0.2.aarch64
    libitm-static-11.4.1-2.amzn2023.0.2.aarch64
    libtsan-debuginfo-11.4.1-2.amzn2023.0.2.aarch64
    libasan-11.4.1-2.amzn2023.0.2.aarch64
    libitm-devel-11.4.1-2.amzn2023.0.2.aarch64
    libitm-11.4.1-2.amzn2023.0.2.aarch64
    gcc-debugsource-11.4.1-2.amzn2023.0.2.aarch64
    libgfortran-debuginfo-11.4.1-2.amzn2023.0.2.aarch64
    libatomic-11.4.1-2.amzn2023.0.2.aarch64
    cpp-11.4.1-2.amzn2023.0.2.aarch64
    gcc-gfortran-debuginfo-11.4.1-2.amzn2023.0.2.aarch64
    gcc-gdb-plugin-debuginfo-11.4.1-2.amzn2023.0.2.aarch64
    libgccjit-debuginfo-11.4.1-2.amzn2023.0.2.aarch64
    libatomic-debuginfo-11.4.1-2.amzn2023.0.2.aarch64
    libgomp-debuginfo-11.4.1-2.amzn2023.0.2.aarch64
    libgccjit-devel-11.4.1-2.amzn2023.0.2.aarch64
    liblsan-debuginfo-11.4.1-2.amzn2023.0.2.aarch64
    gcc-c++-11.4.1-2.amzn2023.0.2.aarch64
    libtsan-static-11.4.1-2.amzn2023.0.2.aarch64
    gcc-plugin-devel-11.4.1-2.amzn2023.0.2.aarch64
    libgcc-11.4.1-2.amzn2023.0.2.aarch64
    libitm-debuginfo-11.4.1-2.amzn2023.0.2.aarch64
    libstdc++-docs-11.4.1-2.amzn2023.0.2.aarch64

src:
    gcc-11.4.1-2.amzn2023.0.2.src

x86_64:
    gcc-debuginfo-11.4.1-2.amzn2023.0.2.x86_64
    libgfortran-debuginfo-11.4.1-2.amzn2023.0.2.x86_64
    gcc-gfortran-11.4.1-2.amzn2023.0.2.x86_64
    libstdc++-static-11.4.1-2.amzn2023.0.2.x86_64
    libasan-debuginfo-11.4.1-2.amzn2023.0.2.x86_64
    liblsan-static-11.4.1-2.amzn2023.0.2.x86_64
    libgccjit-debuginfo-11.4.1-2.amzn2023.0.2.x86_64
    gcc-c++-debuginfo-11.4.1-2.amzn2023.0.2.x86_64
    gcc-11.4.1-2.amzn2023.0.2.x86_64
    libgomp-debuginfo-11.4.1-2.amzn2023.0.2.x86_64
    libstdc++-devel-11.4.1-2.amzn2023.0.2.x86_64
    gcc-c++-11.4.1-2.amzn2023.0.2.x86_64
    cpp-11.4.1-2.amzn2023.0.2.x86_64
    libtsan-static-11.4.1-2.amzn2023.0.2.x86_64
    liblsan-debuginfo-11.4.1-2.amzn2023.0.2.x86_64
    gcc-gfortran-debuginfo-11.4.1-2.amzn2023.0.2.x86_64
    libitm-debuginfo-11.4.1-2.amzn2023.0.2.x86_64
    libgccjit-11.4.1-2.amzn2023.0.2.x86_64
    libstdc++-11.4.1-2.amzn2023.0.2.x86_64
    libtsan-debuginfo-11.4.1-2.amzn2023.0.2.x86_64
    cpp-debuginfo-11.4.1-2.amzn2023.0.2.x86_64
    libtsan-11.4.1-2.amzn2023.0.2.x86_64
    gcc-gdb-plugin-debuginfo-11.4.1-2.amzn2023.0.2.x86_64
    libstdc++-debuginfo-11.4.1-2.amzn2023.0.2.x86_64
    libasan-11.4.1-2.amzn2023.0.2.x86_64
    libasan-static-11.4.1-2.amzn2023.0.2.x86_64
    libgfortran-11.4.1-2.amzn2023.0.2.x86_64
    gcc-plugin-devel-11.4.1-2.amzn2023.0.2.x86_64
    libubsan-static-11.4.1-2.amzn2023.0.2.x86_64
    libgccjit-devel-11.4.1-2.amzn2023.0.2.x86_64
    gcc-offload-nvptx-11.4.1-2.amzn2023.0.2.x86_64
    libgfortran-static-11.4.1-2.amzn2023.0.2.x86_64
    libubsan-debuginfo-11.4.1-2.amzn2023.0.2.x86_64
    gcc-offload-nvptx-debuginfo-11.4.1-2.amzn2023.0.2.x86_64
    gcc-debugsource-11.4.1-2.amzn2023.0.2.x86_64
    libstdc++-docs-11.4.1-2.amzn2023.0.2.x86_64
    libquadmath-static-11.4.1-2.amzn2023.0.2.x86_64
    libquadmath-debuginfo-11.4.1-2.amzn2023.0.2.x86_64
    gcc-plugin-devel-debuginfo-11.4.1-2.amzn2023.0.2.x86_64
    libgomp-11.4.1-2.amzn2023.0.2.x86_64
    liblsan-11.4.1-2.amzn2023.0.2.x86_64
    libubsan-11.4.1-2.amzn2023.0.2.x86_64
    libgcc-debuginfo-11.4.1-2.amzn2023.0.2.x86_64
    libquadmath-11.4.1-2.amzn2023.0.2.x86_64
    gcc-gdb-plugin-11.4.1-2.amzn2023.0.2.x86_64
    libitm-static-11.4.1-2.amzn2023.0.2.x86_64
    libgcc-11.4.1-2.amzn2023.0.2.x86_64
    libitm-11.4.1-2.amzn2023.0.2.x86_64
    libatomic-static-11.4.1-2.amzn2023.0.2.x86_64
    libgomp-offload-nvptx-debuginfo-11.4.1-2.amzn2023.0.2.x86_64
    libatomic-debuginfo-11.4.1-2.amzn2023.0.2.x86_64
    libgomp-offload-nvptx-11.4.1-2.amzn2023.0.2.x86_64
    libatomic-11.4.1-2.amzn2023.0.2.x86_64
    libquadmath-devel-11.4.1-2.amzn2023.0.2.x86_64
    libitm-devel-11.4.1-2.amzn2023.0.2.x86_64

Additional References

Red Hat: CVE-2023-4039

Mitre: CVE-2023-4039