Bug 1195283 - VUL-0: CVE-2022-0001, CVE-2022-0002: gcc: mitigate BHB speculation issues
VUL-0: CVE-2022-0001, CVE-2022-0002: gcc: mitigate BHB speculation issues
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Richard Biener
Security Team bot
https://smash.suse.de/issue/312331/
:
Depends on: CVE-2022-0001
Blocks:
  Show dependency treegraph
 
Reported: 2022-01-28 16:07 UTC by Marcus Meissner
Modified: 2022-07-22 08:40 UTC (History)
10 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
rguenther: needinfo? (meissner)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 4 Marcus Meissner 2022-02-22 08:02:21 UTC
CRD: 2022-03-08 10:00PT
Comment 11 Swamp Workflow Management 2022-06-02 19:19:45 UTC
SUSE-RU-2022:1926-1: An update that has 5 recommended fixes and contains one feature can now be installed.

Category: recommended (moderate)
Bug References: 1192951,1193659,1195283,1196861,1197065
CVE References: 
JIRA References: OBS-124
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    gcc11-11.3.0+git1637-1.10.1
SUSE OpenStack Cloud Crowbar 8 (src):    gcc11-11.3.0+git1637-1.10.1
SUSE OpenStack Cloud 9 (src):    gcc11-11.3.0+git1637-1.10.1
SUSE OpenStack Cloud 8 (src):    gcc11-11.3.0+git1637-1.10.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    gcc11-11.3.0+git1637-1.10.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    gcc11-11.3.0+git1637-1.10.1
SUSE Linux Enterprise Server 12-SP5 (src):    gcc11-11.3.0+git1637-1.10.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    gcc11-11.3.0+git1637-1.10.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    gcc11-11.3.0+git1637-1.10.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    gcc11-11.3.0+git1637-1.10.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    gcc11-11.3.0+git1637-1.10.1
SUSE Linux Enterprise Module for Toolchain 12 (src):    cross-nvptx-gcc11-11.3.0+git1637-1.10.1, gcc11-11.3.0+git1637-1.10.1, gcc11-testresults-11.3.0+git1637-1.10.1
HPE Helion Openstack 8 (src):    gcc11-11.3.0+git1637-1.10.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 12 Swamp Workflow Management 2022-06-08 19:17:36 UTC
SUSE-RU-2022:2019-1: An update that has 5 recommended fixes and contains one feature can now be installed.

Category: recommended (moderate)
Bug References: 1192951,1193659,1195283,1196861,1197065
CVE References: 
JIRA References: OBS-124
Sources used:
openSUSE Leap 15.4 (src):    cross-aarch64-gcc11-11.3.0+git1637-150000.1.9.1, cross-aarch64-gcc11-bootstrap-11.3.0+git1637-150000.1.9.1, cross-arm-gcc11-11.3.0+git1637-150000.1.9.1, cross-arm-none-gcc11-bootstrap-11.3.0+git1637-150000.1.9.1, cross-avr-gcc11-bootstrap-11.3.0+git1637-150000.1.9.1, cross-epiphany-gcc11-bootstrap-11.3.0+git1637-150000.1.9.1, cross-hppa-gcc11-11.3.0+git1637-150000.1.9.1, cross-m68k-gcc11-11.3.0+git1637-150000.1.9.1, cross-mips-gcc11-11.3.0+git1637-150000.1.9.1, cross-nvptx-gcc11-11.3.0+git1637-150000.1.9.1, cross-ppc64-gcc11-11.3.0+git1637-150000.1.9.1, cross-ppc64le-gcc11-11.3.0+git1637-150000.1.9.1, cross-riscv64-elf-gcc11-bootstrap-11.3.0+git1637-150000.1.9.1, cross-riscv64-gcc11-11.3.0+git1637-150000.1.9.1, cross-riscv64-gcc11-bootstrap-11.3.0+git1637-150000.1.9.1, cross-rx-gcc11-bootstrap-11.3.0+git1637-150000.1.9.1, cross-s390x-gcc11-11.3.0+git1637-150000.1.9.1, cross-sparc-gcc11-11.3.0+git1637-150000.1.9.1, cross-sparc64-gcc11-11.3.0+git1637-150000.1.9.1, cross-x86_64-gcc11-11.3.0+git1637-150000.1.9.1, gcc11-11.3.0+git1637-150000.1.9.1, gcc11-testresults-11.3.0+git1637-150000.1.9.1
openSUSE Leap 15.3 (src):    cross-aarch64-gcc11-11.3.0+git1637-150000.1.9.1, cross-aarch64-gcc11-bootstrap-11.3.0+git1637-150000.1.9.1, cross-arm-gcc11-11.3.0+git1637-150000.1.9.1, cross-arm-none-gcc11-bootstrap-11.3.0+git1637-150000.1.9.1, cross-avr-gcc11-bootstrap-11.3.0+git1637-150000.1.9.1, cross-epiphany-gcc11-bootstrap-11.3.0+git1637-150000.1.9.1, cross-hppa-gcc11-11.3.0+git1637-150000.1.9.1, cross-m68k-gcc11-11.3.0+git1637-150000.1.9.1, cross-mips-gcc11-11.3.0+git1637-150000.1.9.1, cross-nvptx-gcc11-11.3.0+git1637-150000.1.9.1, cross-ppc64-gcc11-11.3.0+git1637-150000.1.9.1, cross-ppc64le-gcc11-11.3.0+git1637-150000.1.9.1, cross-riscv64-elf-gcc11-bootstrap-11.3.0+git1637-150000.1.9.1, cross-riscv64-gcc11-11.3.0+git1637-150000.1.9.1, cross-riscv64-gcc11-bootstrap-11.3.0+git1637-150000.1.9.1, cross-rx-gcc11-bootstrap-11.3.0+git1637-150000.1.9.1, cross-s390x-gcc11-11.3.0+git1637-150000.1.9.1, cross-sparc-gcc11-11.3.0+git1637-150000.1.9.1, cross-sparc64-gcc11-11.3.0+git1637-150000.1.9.1, cross-x86_64-gcc11-11.3.0+git1637-150000.1.9.1, gcc11-11.3.0+git1637-150000.1.9.1, gcc11-testresults-11.3.0+git1637-150000.1.9.1
SUSE Linux Enterprise Module for Development Tools 15-SP4 (src):    cross-nvptx-gcc11-11.3.0+git1637-150000.1.9.1, gcc11-11.3.0+git1637-150000.1.9.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    gcc11-11.3.0+git1637-150000.1.9.1, gcc11-testresults-11.3.0+git1637-150000.1.9.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    gcc11-11.3.0+git1637-150000.1.9.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    gcc11-11.3.0+git1637-150000.1.9.1
SUSE Linux Enterprise Micro 5.2 (src):    gcc11-11.3.0+git1637-150000.1.9.1
SUSE Linux Enterprise Micro 5.1 (src):    gcc11-11.3.0+git1637-150000.1.9.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 13 OBSbugzilla Bot 2022-07-22 08:40:03 UTC
This is an autogenerated message for OBS integration:
This bug (1195283) was mentioned in
https://build.opensuse.org/request/show/990640 Factory / gcc11