Bug 888791 (CVE-2014-5044) - VUL-1: CVE-2014-5044: gcc: integer overflow flaws in libgfortran
Summary: VUL-1: CVE-2014-5044: gcc: integer overflow flaws in libgfortran
Status: RESOLVED FIXED
Alias: CVE-2014-5044
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Michael Matz
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/103976/
Whiteboard: CVSSv2:RedHat:CVE-2014-5044:4.6:(AV:L...
Keywords:
Depends on:
Blocks:
 
Reported: 2014-07-24 13:03 UTC by Victor Pereira
Modified: 2023-02-08 16:49 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Victor Pereira 2014-07-24 13:03:36 UTC
CVE-2014-5044

Multiple integer overflow issues were found in libgfortran, the run-time support library for the Fortran compiler. These could possibly be used to crash a Fortran application or cause it to execute arbitrary code.

Upstream fix:

https://gcc.gnu.org/viewcvs/gcc?limit_changes=0&view=revision&revision=211721

These will be included in a later release of GCC.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1122812
Comment 2 Swamp Workflow Management 2014-07-24 22:00:25 UTC
bugbot adjusting priority
Comment 12 Michael Matz 2015-01-26 14:32:30 UTC
Okay, AFAICS this then leaves only gcc47 for SLE11-SP3.  If you need one,
please request an update.
Comment 13 Johannes Segitz 2015-03-24 14:24:44 UTC
we will include this in the next gcc update
Comment 14 Michael Matz 2023-02-08 16:49:02 UTC
Fixed everywhere where we wanted.  Closing.