SB2020032329 - Red Hat Developer Toolset 8 for Red Hat Enterprise Linux update for devtoolset-8-gcc

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020032329

SB2020032329 - Red Hat Developer Toolset 8 for Red Hat Enterprise Linux update for devtoolset-8-gcc

Published: March 23, 2020

Security Bulletin ID SB2020032329
Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Data manipulation

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (CVE-ID: CVE-2019-15847)

The vulnerability allows an attacker to bypass implemented security restrictions.

The vulnerability exists due to the POWER9 backend in GNU Compiler Collection (GCC) can optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This vulnerability may weaken security features that rely on random number generator.


Remediation

Install update from vendor's website.

References