Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS2-2023-2245
HistorySep 08, 2023 - 7:46 p.m.

Medium: gcc

2023-09-0819:46:00
alas.aws.amazon.com
2
gcc compiler
stack protector
aarch64 platform
security advisory
code generation
yum update

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

5.4 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

Issue Overview:

2023-09-13: The severity of this advisory was corrected from low to medium.

An issue was found in a defense in depth feature of the GCC compiler on aarch64 platforms. The stack protector feature (-fstack-protector) did not detect or defend against overflows of dynamically-sized local variables. This update to the GCC compiler remedies code generation for this defense in depth feature, ensuring it is working as intended.
Customers building their own binaries with GCC are advised to update their compiler, and to ensure they are enabling the defense in depth options available to them, such as the stack protector. (CVE-2023-4039)

Affected Packages:

gcc

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update gcc to update your system.

New Packages:

aarch64:  
    gcc-7.3.1-17.amzn2.aarch64  
    libgcc-7.3.1-17.amzn2.aarch64  
    gcc-c++-7.3.1-17.amzn2.aarch64  
    libstdc++-7.3.1-17.amzn2.aarch64  
    libstdc++-docs-7.3.1-17.amzn2.aarch64  
    gcc-objc-7.3.1-17.amzn2.aarch64  
    gcc-objc++-7.3.1-17.amzn2.aarch64  
    libobjc-7.3.1-17.amzn2.aarch64  
    gcc-gfortran-7.3.1-17.amzn2.aarch64  
    libgfortran-7.3.1-17.amzn2.aarch64  
    libgomp-7.3.1-17.amzn2.aarch64  
    gcc-gdb-plugin-7.3.1-17.amzn2.aarch64  
    libgccjit-7.3.1-17.amzn2.aarch64  
    libgccjit-devel-7.3.1-17.amzn2.aarch64  
    libitm-7.3.1-17.amzn2.aarch64  
    libatomic-7.3.1-17.amzn2.aarch64  
    libsanitizer-7.3.1-17.amzn2.aarch64  
    cpp-7.3.1-17.amzn2.aarch64  
    gcc-gnat-7.3.1-17.amzn2.aarch64  
    libgnat-7.3.1-17.amzn2.aarch64  
    gcc-go-7.3.1-17.amzn2.aarch64  
    libgo-7.3.1-17.amzn2.aarch64  
    gcc-plugin-devel-7.3.1-17.amzn2.aarch64  
    gcc-debuginfo-7.3.1-17.amzn2.aarch64  
    gcc-base-debuginfo-7.3.1-17.amzn2.aarch64  
  
i686:  
    gcc-7.3.1-17.amzn2.i686  
    libgcc-7.3.1-17.amzn2.i686  
    gcc-c++-7.3.1-17.amzn2.i686  
    libstdc++-7.3.1-17.amzn2.i686  
    libstdc++-docs-7.3.1-17.amzn2.i686  
    gcc-objc-7.3.1-17.amzn2.i686  
    gcc-objc++-7.3.1-17.amzn2.i686  
    libobjc-7.3.1-17.amzn2.i686  
    gcc-gfortran-7.3.1-17.amzn2.i686  
    libgfortran-7.3.1-17.amzn2.i686  
    libgomp-7.3.1-17.amzn2.i686  
    gcc-gdb-plugin-7.3.1-17.amzn2.i686  
    libgccjit-7.3.1-17.amzn2.i686  
    libgccjit-devel-7.3.1-17.amzn2.i686  
    libquadmath-7.3.1-17.amzn2.i686  
    libitm-7.3.1-17.amzn2.i686  
    libatomic-7.3.1-17.amzn2.i686  
    libsanitizer-7.3.1-17.amzn2.i686  
    libcilkrts-7.3.1-17.amzn2.i686  
    libmpx-7.3.1-17.amzn2.i686  
    cpp-7.3.1-17.amzn2.i686  
    gcc-gnat-7.3.1-17.amzn2.i686  
    libgnat-7.3.1-17.amzn2.i686  
    gcc-go-7.3.1-17.amzn2.i686  
    libgo-7.3.1-17.amzn2.i686  
    gcc-plugin-devel-7.3.1-17.amzn2.i686  
    gcc-debuginfo-7.3.1-17.amzn2.i686  
    gcc-base-debuginfo-7.3.1-17.amzn2.i686  
  
src:  
    gcc-7.3.1-17.amzn2.src  
  
x86_64:  
    gcc-7.3.1-17.amzn2.x86_64  
    libgcc-7.3.1-17.amzn2.x86_64  
    gcc-c++-7.3.1-17.amzn2.x86_64  
    libstdc++-7.3.1-17.amzn2.x86_64  
    libstdc++-docs-7.3.1-17.amzn2.x86_64  
    gcc-objc-7.3.1-17.amzn2.x86_64  
    gcc-objc++-7.3.1-17.amzn2.x86_64  
    libobjc-7.3.1-17.amzn2.x86_64  
    gcc-gfortran-7.3.1-17.amzn2.x86_64  
    libgfortran-7.3.1-17.amzn2.x86_64  
    libgomp-7.3.1-17.amzn2.x86_64  
    gcc-gdb-plugin-7.3.1-17.amzn2.x86_64  
    libgccjit-7.3.1-17.amzn2.x86_64  
    libgccjit-devel-7.3.1-17.amzn2.x86_64  
    libquadmath-7.3.1-17.amzn2.x86_64  
    libitm-7.3.1-17.amzn2.x86_64  
    libatomic-7.3.1-17.amzn2.x86_64  
    libsanitizer-7.3.1-17.amzn2.x86_64  
    libcilkrts-7.3.1-17.amzn2.x86_64  
    libmpx-7.3.1-17.amzn2.x86_64  
    cpp-7.3.1-17.amzn2.x86_64  
    gcc-gnat-7.3.1-17.amzn2.x86_64  
    libgnat-7.3.1-17.amzn2.x86_64  
    gcc-go-7.3.1-17.amzn2.x86_64  
    libgo-7.3.1-17.amzn2.x86_64  
    gcc-plugin-devel-7.3.1-17.amzn2.x86_64  
    gcc-debuginfo-7.3.1-17.amzn2.x86_64  
    gcc-base-debuginfo-7.3.1-17.amzn2.x86_64

Additional References

Red Hat: CVE-2023-4039

Mitre: CVE-2023-4039

OSVersionArchitecturePackageVersionFilename
Amazon Linux2aarch64gcc< 7.3.1-17.amzn2gcc-7.3.1-17.amzn2.aarch64.rpm
Amazon Linux2aarch64libgcc< 7.3.1-17.amzn2libgcc-7.3.1-17.amzn2.aarch64.rpm
Amazon Linux2aarch64gcc-c++< 7.3.1-17.amzn2gcc-c++-7.3.1-17.amzn2.aarch64.rpm
Amazon Linux2aarch64libstdc++< 7.3.1-17.amzn2libstdc++-7.3.1-17.amzn2.aarch64.rpm
Amazon Linux2aarch64libstdc++-docs< 7.3.1-17.amzn2libstdc++-docs-7.3.1-17.amzn2.aarch64.rpm
Amazon Linux2aarch64gcc-objc< 7.3.1-17.amzn2gcc-objc-7.3.1-17.amzn2.aarch64.rpm
Amazon Linux2aarch64gcc-objc++< 7.3.1-17.amzn2gcc-objc++-7.3.1-17.amzn2.aarch64.rpm
Amazon Linux2aarch64libobjc< 7.3.1-17.amzn2libobjc-7.3.1-17.amzn2.aarch64.rpm
Amazon Linux2aarch64gcc-gfortran< 7.3.1-17.amzn2gcc-gfortran-7.3.1-17.amzn2.aarch64.rpm
Amazon Linux2aarch64libgfortran< 7.3.1-17.amzn2libgfortran-7.3.1-17.amzn2.aarch64.rpm
Rows per page:
1-10 of 811

Related

ubuntucve 1
redhatcve 1
oraclelinux 3
openvas 25
nessus 29
veracode 1
nvd 1
cgr 1
wolfi 1
cbl_mariner 1
cve 1
debiancve 1
alpinelinux 1
amazon 1
rosalinux 1
cvelist 1
prion 1
ibm 3
oracle 1
ics 1
ubuntucve
ubuntucve
CVE-2023-4039
2023-09-12 00:00:00
redhatcve
redhatcve
CVE-2023-4039
2023-09-13 05:24:13
oraclelinux
oraclelinux
cross-gcc security update
2023-09-12 00:00:00
cross-gcc security update
2023-09-12 00:00:00
gcc security update
2023-09-12 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:4458-1)
2023-11-17 00:00:00
Huawei EulerOS: Security Advisory for gcc (EulerOS-SA-2023-3328)
2023-12-12 00:00:00
Huawei EulerOS: Security Advisory for gcc (EulerOS-SA-2023-3209)
2023-11-10 00:00:00
nessus
nessus
SUSE SLED15 / SLES15 Security Update : gcc7 (SUSE-SU-2023:3686-1)
2023-09-20 00:00:00
EulerOS 2.0 SP10 : gcc (EulerOS-SA-2023-3209)
2024-01-16 00:00:00
EulerOS 2.0 SP9 : gcc (EulerOS-SA-2023-3328)
2024-01-16 00:00:00
veracode
veracode
Buffer Overflow
2023-11-30 18:34:15
nvd
nvd
CVE-2023-4039
2023-09-13 09:15:15
cgr
cgr
CVE-2023-4039 vulnerabilities
2024-05-19 03:07:16
wolfi
wolfi
CVE-2023-4039 vulnerabilities
2024-07-01 09:08:36
cbl_mariner
cbl_mariner
CVE-2023-4039 affecting package gcc for versions less than 11.2.0-6
2023-09-27 18:02:50
cve
cve
CVE-2023-4039
2023-09-13 09:15:15
debiancve
debiancve
CVE-2023-4039
2023-09-13 09:15:15
alpinelinux
alpinelinux
CVE-2023-4039
2023-09-13 09:15:15
amazon
amazon
Medium: gcc10
2023-09-08 19:46:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2406
2024-04-23 12:04:19
cvelist
cvelist
CVE-2023-4039 GCC's-fstack-protector fails to guard dynamically-sized local variables on AArch64
2023-09-13 08:05:10
prion
prion
Design/Logic Flaw
2023-09-13 09:15:00
ibm
ibm
Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data 4.8.1 has addressed security vulnerabilities
2023-12-26 21:30:04
Security Bulletin: Order Management is subject to various OS vulnerabilites which could have allowed attacker various entry points into application.
2024-04-12 17:49:20
Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities
2024-06-26 09:20:14
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

5.4 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON
Related for ALAS2-2023-2245
ubuntucve1redhatcve1oraclelinux3openvas25nessus29veracode1nvd1cgr1wolfi1cbl_mariner1cve1debiancve1alpinelinux1amazon1rosalinux1cvelist1prion1ibm3oracle1ics1