Ubuntu 16.04 ESM：GCC 漏洞 (USN-5770-1)

medium Nessus 插件 ID 168518

语言：

简介

远程 Ubuntu 主机缺少安全更新。

描述

远程 Ubuntu 16.04 ESM 主机上安装的多个程序包受到 USN-5770-1 公告中提及的一个漏洞影响。

- 在某些情况下，在 GNU 编译器集 (GCC) 版本 4.6、4.7、4.8、4.9、低于 5.5 的 5 和低于 6.4 的 6 版中，i386.c 中的 ix86_expand_builtin 函数生成的指令序列会在其被读取前损害 RDRAND 和 RDSEED 内联函数的状态标志，这可能造成此类指令失败且未上报。这会导致随机数生成时随机性降低。(CVE-2017-11671)

请注意，Nessus 尚未测试此问题，而是只依据应用程序自我报告的版本号进行判断。

解决方案

更新受影响的程序包。

另见

https://ubuntu.com/security/notices/USN-5770-1

插件详情

严重性: Medium

ID: 168518

文件名: ubuntu_USN-5770-1.nasl

版本: 1.5

类型: local

代理: unix

系列: Ubuntu Local Security Checks

发布时间: 2022/12/8

最近更新时间: 2024/8/29

支持的传感器: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

风险信息

VPR

风险因素: Low

分数: 1.4

CVSS v2

风险因素: Low

基本分数: 2.1

时间分数: 1.6

矢量: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS 分数来源: CVE-2017-11671

CVSS v3

风险因素: Medium

基本分数: 4

时间分数: 3.5

矢量: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

时间矢量: CVSS:3.0/E:U/RL:O/RC:C

漏洞信息

CPE: p-cpe:/a:canonical:ubuntu_linux:gcj-5-jdk, p-cpe:/a:canonical:ubuntu_linux:gcj-5-jre-headless, p-cpe:/a:canonical:ubuntu_linux:lib32ubsan0, cpe:/o:canonical:ubuntu_linux:16.04:-:esm, p-cpe:/a:canonical:ubuntu_linux:libgccjit0, p-cpe:/a:canonical:ubuntu_linux:libgnatvsn5-dev, p-cpe:/a:canonical:ubuntu_linux:libx32phobos-5-dev, p-cpe:/a:canonical:ubuntu_linux:libx32go7, p-cpe:/a:canonical:ubuntu_linux:liblsan0, p-cpe:/a:canonical:ubuntu_linux:libsfstdc%2b%2b-5-dev, p-cpe:/a:canonical:ubuntu_linux:libgcc1, p-cpe:/a:canonical:ubuntu_linux:lib64gfortran-5-dev, p-cpe:/a:canonical:ubuntu_linux:libasan2, p-cpe:/a:canonical:ubuntu_linux:libsfobjc4, p-cpe:/a:canonical:ubuntu_linux:libx32gomp1, p-cpe:/a:canonical:ubuntu_linux:libx32gfortran-5-dev, p-cpe:/a:canonical:ubuntu_linux:gccgo-6, p-cpe:/a:canonical:ubuntu_linux:libgfortran-5-dev, p-cpe:/a:canonical:ubuntu_linux:gfortran-5-multilib, p-cpe:/a:canonical:ubuntu_linux:lib32atomic1, p-cpe:/a:canonical:ubuntu_linux:libx32gcc1, p-cpe:/a:canonical:ubuntu_linux:lib32objc4, p-cpe:/a:canonical:ubuntu_linux:libgcj16, p-cpe:/a:canonical:ubuntu_linux:libubsan0, p-cpe:/a:canonical:ubuntu_linux:lib32go7, p-cpe:/a:canonical:ubuntu_linux:libsfstdc%2b%2b6, p-cpe:/a:canonical:ubuntu_linux:gccgo-6-multilib, p-cpe:/a:canonical:ubuntu_linux:lib64asan2, p-cpe:/a:canonical:ubuntu_linux:libgnatprj5, p-cpe:/a:canonical:ubuntu_linux:libgccjit-5-dev, p-cpe:/a:canonical:ubuntu_linux:libx32gcc-5-dev, p-cpe:/a:canonical:ubuntu_linux:lib32asan2, p-cpe:/a:canonical:ubuntu_linux:gobjc-5, p-cpe:/a:canonical:ubuntu_linux:gcc-5-base, p-cpe:/a:canonical:ubuntu_linux:lib32gfortran-5-dev, p-cpe:/a:canonical:ubuntu_linux:libx32stdc%2b%2b-5-dev, p-cpe:/a:canonical:ubuntu_linux:libgcj16-dev, p-cpe:/a:canonical:ubuntu_linux:gcc-5-test-results, p-cpe:/a:canonical:ubuntu_linux:fixincludes, p-cpe:/a:canonical:ubuntu_linux:lib32gomp1, p-cpe:/a:canonical:ubuntu_linux:lib64go7, p-cpe:/a:canonical:ubuntu_linux:libx32gfortran3, p-cpe:/a:canonical:ubuntu_linux:libgfortran3, p-cpe:/a:canonical:ubuntu_linux:gcj-5-source, p-cpe:/a:canonical:ubuntu_linux:libsfobjc-5-dev, p-cpe:/a:canonical:ubuntu_linux:lib32objc-5-dev, p-cpe:/a:canonical:ubuntu_linux:libsfgfortran3, p-cpe:/a:canonical:ubuntu_linux:lib64quadmath0, p-cpe:/a:canonical:ubuntu_linux:libgnatprj5-dev, p-cpe:/a:canonical:ubuntu_linux:libquadmath0, p-cpe:/a:canonical:ubuntu_linux:libmpx0, p-cpe:/a:canonical:ubuntu_linux:cpp-5, p-cpe:/a:canonical:ubuntu_linux:gobjc%2b%2b-5, p-cpe:/a:canonical:ubuntu_linux:libstdc%2b%2b-5-dev, p-cpe:/a:canonical:ubuntu_linux:lib64objc-5-dev, p-cpe:/a:canonical:ubuntu_linux:lib32stdc%2b%2b6, p-cpe:/a:canonical:ubuntu_linux:libsfubsan0, p-cpe:/a:canonical:ubuntu_linux:gdc-5, p-cpe:/a:canonical:ubuntu_linux:libgo9, p-cpe:/a:canonical:ubuntu_linux:lib64objc4, p-cpe:/a:canonical:ubuntu_linux:lib32gfortran3, p-cpe:/a:canonical:ubuntu_linux:lib64ubsan0, p-cpe:/a:canonical:ubuntu_linux:libobjc4, p-cpe:/a:canonical:ubuntu_linux:lib32quadmath0, p-cpe:/a:canonical:ubuntu_linux:lib64cilkrts5, p-cpe:/a:canonical:ubuntu_linux:lib32go9, p-cpe:/a:canonical:ubuntu_linux:libstdc%2b%2b-5-pic, p-cpe:/a:canonical:ubuntu_linux:libsfgomp1, p-cpe:/a:canonical:ubuntu_linux:lib32phobos-5-dev, p-cpe:/a:canonical:ubuntu_linux:lib64itm1, p-cpe:/a:canonical:ubuntu_linux:libobjc-5-dev, p-cpe:/a:canonical:ubuntu_linux:libx32itm1, p-cpe:/a:canonical:ubuntu_linux:lib32stdc%2b%2b-5-dev, p-cpe:/a:canonical:ubuntu_linux:libx32atomic1, p-cpe:/a:canonical:ubuntu_linux:libitm1, p-cpe:/a:canonical:ubuntu_linux:gdc-5-multilib, p-cpe:/a:canonical:ubuntu_linux:libgnat-5, p-cpe:/a:canonical:ubuntu_linux:libsfasan2, p-cpe:/a:canonical:ubuntu_linux:libcc1-0, p-cpe:/a:canonical:ubuntu_linux:gcc-5-source, p-cpe:/a:canonical:ubuntu_linux:gccgo-5, p-cpe:/a:canonical:ubuntu_linux:gccgo-5-multilib, p-cpe:/a:canonical:ubuntu_linux:libx32lsan0, p-cpe:/a:canonical:ubuntu_linux:libsfphobos-5-dev, p-cpe:/a:canonical:ubuntu_linux:libgnatvsn5, p-cpe:/a:canonical:ubuntu_linux:gcc-6-base, p-cpe:/a:canonical:ubuntu_linux:libx32ubsan0, p-cpe:/a:canonical:ubuntu_linux:libsfgfortran-5-dev, p-cpe:/a:canonical:ubuntu_linux:lib64gcc-5-dev, p-cpe:/a:canonical:ubuntu_linux:libgcj16-awt, p-cpe:/a:canonical:ubuntu_linux:gcc-5-locales, p-cpe:/a:canonical:ubuntu_linux:lib32gcc-5-dev, p-cpe:/a:canonical:ubuntu_linux:gobjc-5-multilib, p-cpe:/a:canonical:ubuntu_linux:lib64atomic1, p-cpe:/a:canonical:ubuntu_linux:libx32stdc%2b%2b6, p-cpe:/a:canonical:ubuntu_linux:g%2b%2b-5-multilib, p-cpe:/a:canonical:ubuntu_linux:gcc-5-multilib, p-cpe:/a:canonical:ubuntu_linux:gfortran-5, p-cpe:/a:canonical:ubuntu_linux:libsfgcc-5-dev, p-cpe:/a:canonical:ubuntu_linux:libatomic1, p-cpe:/a:canonical:ubuntu_linux:gcj-5-jre, p-cpe:/a:canonical:ubuntu_linux:libsfatomic1, p-cpe:/a:canonical:ubuntu_linux:lib32gcc1, p-cpe:/a:canonical:ubuntu_linux:lib64gfortran3, p-cpe:/a:canonical:ubuntu_linux:gcc-5, p-cpe:/a:canonical:ubuntu_linux:g%2b%2b-5, p-cpe:/a:canonical:ubuntu_linux:libtsan0, p-cpe:/a:canonical:ubuntu_linux:lib32lsan0, p-cpe:/a:canonical:ubuntu_linux:gcc-5-plugin-dev, p-cpe:/a:canonical:ubuntu_linux:lib32cilkrts5, p-cpe:/a:canonical:ubuntu_linux:lib64gcc1, p-cpe:/a:canonical:ubuntu_linux:libx32go9, p-cpe:/a:canonical:ubuntu_linux:lib64mpx0, p-cpe:/a:canonical:ubuntu_linux:libstdc%2b%2b6, p-cpe:/a:canonical:ubuntu_linux:gnat-5, p-cpe:/a:canonical:ubuntu_linux:libx32asan2, p-cpe:/a:canonical:ubuntu_linux:libx32objc4, p-cpe:/a:canonical:ubuntu_linux:lib32itm1, p-cpe:/a:canonical:ubuntu_linux:lib32mpx0, p-cpe:/a:canonical:ubuntu_linux:gcj-5-jre-lib, p-cpe:/a:canonical:ubuntu_linux:libgomp1, p-cpe:/a:canonical:ubuntu_linux:libx32cilkrts5, p-cpe:/a:canonical:ubuntu_linux:gobjc%2b%2b-5-multilib, p-cpe:/a:canonical:ubuntu_linux:lib64phobos-5-dev, p-cpe:/a:canonical:ubuntu_linux:lib64stdc%2b%2b-5-dev, p-cpe:/a:canonical:ubuntu_linux:libgo7, p-cpe:/a:canonical:ubuntu_linux:libgcc-5-dev, p-cpe:/a:canonical:ubuntu_linux:lib64go9, p-cpe:/a:canonical:ubuntu_linux:libx32objc-5-dev, p-cpe:/a:canonical:ubuntu_linux:libx32quadmath0, p-cpe:/a:canonical:ubuntu_linux:gnat-5-sjlj, p-cpe:/a:canonical:ubuntu_linux:libsfgcc1, p-cpe:/a:canonical:ubuntu_linux:libphobos-5-dev, p-cpe:/a:canonical:ubuntu_linux:gcj-5, p-cpe:/a:canonical:ubuntu_linux:libcilkrts5, p-cpe:/a:canonical:ubuntu_linux:lib64gomp1, p-cpe:/a:canonical:ubuntu_linux:lib64stdc%2b%2b6

必需的 KB 项: Host/cpu, Host/Debian/dpkg-l, Host/Ubuntu, Host/Ubuntu/release

易利用性: No known exploits are available

补丁发布日期: 2022/12/8

漏洞发布日期: 2017/7/26

参考资料信息

CVE: CVE-2017-11671

USN: 5770-1