USN-5770-1: GCC vulnerability
Severity

Low

Vendor

VMware Tanzu

Versions Affected

  • Canonical Ubuntu 16.04

Description

Todd Eisenberger discovered that certain versions of GNU Compiler Collection (GCC) could be made to clobber the status flag of RDRAND and RDSEED with specially crafted input. This could potentially lead to less randomness in random number generation.

Update Instructions

Run `sudo pro fix USN-5770-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions (all of the groups below are available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro):

  • 1:6.0.1-0ubuntu1+esm1: libgcc1, libx32gcc1, libsfgcc1, lib64gcc1, lib32gcc1
  • 5.4.0-6ubuntu1~16.04.12+esm2: libx32go7, libitm1, libstdc++-5-pic, lib64stdc++6, libubsan0, libsfphobos-5-dev, gcc-5-base, gccgo-5-multilib, gnat-5, libquadmath0, gcc-5-doc, gcc-5-multilib, lib32atomic1, lib64gcc-5-dev, libsfgfortran3, g++-5-multilib, gcc-5-source, gccgo-5-doc, lib32stdc++6, cpp-5-doc, libsfobjc-5-dev, lib32objc-5-dev, libgnat-5, lib64atomic1, libcc1-0, libgomp1, libx32gcc-5-dev, libobjc-5-dev, libx32lsan0, lib64mpx0, gcj-5-jdk, gobjc++-5-multilib, gcc-5, libatomic1, lib64cilkrts5, libsfstdc++-5-dev, libsfasan2, gfortran-5-multilib, libmpx0, libstdc++-5-dev, gcc-5-plugin-dev, gccgo-5, lib64gomp1, gcc-5-locales, libtsan0, libsfgomp1, libx32stdc++6, libx32objc4, libsfatomic1, libsfgfortran-5-dev, libx32asan2, gcj-5-source, cpp-5, lib32quadmath0, gcj-5-jre-headless, lib64itm1, gobjc-5-multilib, lib32ubsan0, gfortran-5, gobjc-5, libgcj-doc, g++-5, libx32gfortran-5-dev, libsfgcc-5-dev, libgfortran-5-dev, lib32objc4, libstdc++-5-doc, gcj-5-jre, lib64objc-5-dev, libx32cilkrts5, lib32lsan0, lib64ubsan0, libsfobjc4, libgccjit0, libx32atomic1, gfortran-5-doc, libsfubsan0, libgfortran3, gcj-5-jre-lib, lib32cilkrts5, lib32stdc++-5-dev, gcc-5-hppa64-linux-gnu, libx32objc-5-dev, lib64phobos-5-dev, libgcj16-dev, lib64gfortran3, libx32gfortran3, liblsan0, gnat-5-doc, libx32ubsan0, libgcc-5-dev, lib32gcc-5-dev, lib64stdc++-5-dev, libphobos-5-dev, libgnatvsn5, libx32quadmath0, gobjc++-5, libgccjit-5-dev, lib64asan2, gcj-5, gnat-5-sjlj, libsfstdc++6, gdc-5-multilib, lib64go7, lib32phobos-5-dev, libx32gomp1, libgnatvsn5-dev, libgnatprj5, gdc-5, libobjc4, lib64quadmath0, lib64objc4, libstdc++6, lib32asan2, lib32mpx0, libasan2, libx32itm1, gcc-5-test-results, libgo7, lib32gomp1, libcilkrts5, lib32go7, libgcj16, libgcj16-awt, lib32gfortran3, libgnatprj5-dev, libgccjit-5-doc, lib32gfortran-5-dev, lib64gfortran-5-dev, lib32itm1, libx32phobos-5-dev, libx32stdc++-5-dev
  • 6.0.1-0ubuntu1+esm1: libx32go9, lib32go9, gcc-6-base, gccgo-6-doc, gccgo-6, gccgo-6-multilib, lib64go9, libgo9
  • 1:5.4.0-6ubuntu1~16.04.12+esm2: fixincludes

CVEs contained in this USN include: CVE-2017-11671
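
The status flag the description refers to is the carry flag that RDRAND and RDSEED set on success; when a failed read (which leaves zero in the destination register) is reported as a success because the flag was clobbered before the check, the caller quietly uses that zero as random data. As an added illustration that is not part of this advisory or of GCC's code, the C below captures the flag inside the same inline-assembly statement as the instruction, so nothing the compiler emits can sit between the two, and wraps it in the retry-then-fail contract the instruction requires; a constructed failing source (sim_step) shows how the contract behaves. It assumes GCC or Clang on x86-64 (on other targets it reports failure), and every function name in it is ours.

```c
#include <stdint.h>

#if defined(__x86_64__) && defined(__GNUC__)
#include <cpuid.h>
/* One RDRAND attempt. setc reads CF inside the same asm statement, so no
 * compiler-generated instruction can clobber the flag before it is tested.
 * Returns 1 on success, 0 on hardware failure (the CPU then stores 0). */
static int rdrand64_step(uint64_t *out)
{
    unsigned char ok;
    __asm__ volatile("rdrand %0\n\tsetc %1" : "=r"(*out), "=qm"(ok) : : "cc");
    return ok;
}
#endif

/* Retry up to 10 times (Intel's guidance). On persistent failure *out is 0
 * and the result is 0: a hard error, never a value to feed into a key. */
int get_random_u64(int (*step)(uint64_t *), uint64_t *out)
{
    for (int i = 0; i < 10; i++)
        if (step(out)) return 1;
    *out = 0; return 0;
}

/* Entry point: 1 with a fresh value, or 0 with *out == 0 when the CPU lacks
 * RDRAND (CPUID.1:ECX bit 30) or keeps reporting failure. */
int hw_random_u64(uint64_t *out)
{
#if defined(__x86_64__) && defined(__GNUC__)
    unsigned int a, b, c, d;
    if (__get_cpuid(1, &a, &b, &c, &d) && (c & (1u << 30)))
        return get_random_u64(rdrand64_step, out);
#endif
    *out = 0; return 0;
}

/* Constructed stand-in for the hardware source (not real RDRAND): fails the
 * way the CPU would for the first `failures` calls, then succeeds. */
#define SIM_VALUE 0x0123456789abcdefULL
static int sim_failures_left;
static int sim_step(uint64_t *out)
{
    if (sim_failures_left-- > 0) { *out = 0; return 0; }
    *out = SIM_VALUE; return 1;
}
int sim_run(int failures, uint64_t *out)
{
    sim_failures_left = failures;
    return get_random_u64(sim_step, out);
}
```

The same shape applies to RDSEED by swapping the mnemonic; the point in both cases is that the flag is consumed at the instruction, not somewhere later in compiler-generated code.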

Affected VMware Products and Versions

Severity is low unless otherwise noted.

  • Tanzu Greenplum for Kubernetes
    • All versions prior to 2.0.0
  • Isolation Segment
    • 2.8.x versions with Xenial Stemcells prior to 621.376
    • 2.9.x versions with Xenial Stemcells prior to 621.376
    • 2.10.x versions with Xenial Stemcells prior to 621.376
    • 2.11.x versions with Xenial Stemcells prior to 621.376
    • 2.12.x versions with Xenial Stemcells prior to 621.376
    • 2.13.x versions with Xenial Stemcells prior to 621.376
  • Operations Manager
    • 2.10.x versions prior to 2.10.52
  • VMware Tanzu Application Service for VMs
    • 2.8.x versions with Xenial Stemcells prior to 621.376
    • 2.9.x versions with Xenial Stemcells prior to 621.376
    • 2.10.x versions with Xenial Stemcells prior to 621.376
    • 2.11.x versions with Xenial Stemcells prior to 621.376
    • 2.12.x versions with Xenial Stemcells prior to 621.376
    • 2.13.x versions with Xenial Stemcells prior to 621.376

Mitigation

Users of affected products are strongly encouraged to follow the mitigation below. On the Tanzu Network product page for each release, check the Depends On section and/or Release Notes for this information. Releases that have fixed this issue include:

  • Tanzu Greenplum for Kubernetes
    • 2.0.0
  • Isolation Segment
    • 2.8.x: Upgrade Xenial Stemcells to 621.376 or greater
    • 2.9.x: Upgrade Xenial Stemcells to 621.376 or greater
    • 2.10.x: Upgrade Xenial Stemcells to 621.376 or greater
    • 2.11.x: Upgrade Xenial Stemcells to 621.376 or greater
    • 2.12.x: Upgrade Xenial Stemcells to 621.376 or greater
    • 2.13.x: Upgrade Xenial Stemcells to 621.376 or greater
  • Operations Manager
    • 2.10.52
  • VMware Tanzu Application Service for VMs
    • 2.8.x: Upgrade Xenial Stemcells to 621.376 or greater
    • 2.9.x: Upgrade Xenial Stemcells to 621.376 or greater
    • 2.10.x: Upgrade Xenial Stemcells to 621.376 or greater
    • 2.11.x: Upgrade Xenial Stemcells to 621.376 or greater
    • 2.12.x: Upgrade Xenial Stemcells to 621.376 or greater
    • 2.13.x: Upgrade Xenial Stemcells to 621.376 or greater

History

2023-05-11: Initial vulnerability report published.