CVE-2018-12886

Name	CVE-2018-12886
Description	stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version
gcc-4.8	source	(unstable)	(unfixed)
gcc-4.9	source	(unstable)	(unfixed)
gcc-6	source	(unstable)	(unfixed)
gcc-7	source	(unstable)	(unfixed)
gcc-8	source	(unstable)	(unfixed)

Notes

[bullseye] - gcc-8 <ignored> (Too intrusive to backport)
[buster] - gcc-8 <ignored> (Too intrusive to backport)
[buster] - gcc-7 <ignored> (Too intrusive to backport)
[stretch] - gcc-6 <ignored> (Too intrusive to backport)
[jessie] - gcc-4.9 <ignored> (Too intrusive to backport)
[jessie] - gcc-4.8 <ignored> (Too intrusive to backport)
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85434
https://gcc.gnu.org/git/?p=gcc.git&a=commit;h=89d7557202d25a393666ac4c0f7dbdab31e452a2