SB2018041052 - Red Hat update for gcc
Published: April 10, 2018
Security Bulletin ID
SB2018041052
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use of cryptographically weak PRNG (CVE-ID: CVE-2017-11671)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.The weakness exists in the ix86_expand_builtin function in i386.c due to generating of instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. A remote attacker can trigger less randomness in random number generation and gain access to potentially sensitive information.
Remediation
Install update from vendor's website.