SB2018022120 - Information disclosure in gcc (Alpine package)
Published: February 21, 2018
Security Bulletin ID
SB2018022120
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Information disclosure (CVE-ID: CVE-2017-5715)
The vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can utilize branch target injection, execute arbitrary code, perform a side-channel attack and read sensitive memory information.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=d420552f02af2ad6a15cf3a70b76bf86b222c07e
- https://git.alpinelinux.org/aports/commit/?id=f76673fb030820b2053cad7e5b81ece31079d4cc
- https://git.alpinelinux.org/aports/commit/?id=a1879bd58982c8ed4b39e08e17942462027ef447
- https://git.alpinelinux.org/aports/commit/?id=948cf8145a132fd08c7fcfd29b6fa78d63657651
- https://git.alpinelinux.org/aports/commit/?id=b92ecf47e1d7a8f61e049eba34bf9730f806dbec
- https://git.alpinelinux.org/aports/commit/?id=348f02a526f57b92af265012546dc05eb3f5de7f