Rapid7 Vulnerability & Exploit Database

RHSA-2011:0025: gcc security and bug fix update

Severity: 6
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:P)
Published: 06/18/2010
Created: 07/25/2018
Added: 01/13/2011
Modified: 07/04/2017

Description

The gcc packages include C, C++, Java, Fortran, Objective C, and Ada 95 GNU compilers, along with related support libraries. The libgcj package provides fastjar, an archive tool for Java Archive (JAR) files.

Two directory traversal flaws were found in the way fastjar extracted JAR archive files. If a local, unsuspecting user extracted a specially-crafted JAR file, it could cause fastjar to overwrite arbitrary files writable by the user running fastjar. (CVE-2010-0831, CVE-2010-2322)

This update also fixes the following bugs:

All gcc users should upgrade to these updated packages, which contain backported patches to correct these issues.

Solution(s)

  • redhat-upgrade-cpp
  • redhat-upgrade-gcc
  • redhat-upgrade-gcc-c
  • redhat-upgrade-gcc-gfortran
  • redhat-upgrade-gcc-gnat
  • redhat-upgrade-gcc-java
  • redhat-upgrade-gcc-objc
  • redhat-upgrade-libgcc
  • redhat-upgrade-libgcj
  • redhat-upgrade-libgcj-devel
  • redhat-upgrade-libgcj-src
  • redhat-upgrade-libgfortran
  • redhat-upgrade-libgnat
  • redhat-upgrade-libmudflap
  • redhat-upgrade-libmudflap-devel
  • redhat-upgrade-libobjc
  • redhat-upgrade-libstdc
  • redhat-upgrade-libstdc-devel
