Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2021:4585

Опубликовано: 10 нояб. 2021
Источник: rocky
Оценка: Moderate

Описание

Moderate: gcc-toolset-10-gcc security update

The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as related support libraries.

Security Fix(es):

  • Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574)

The following changes were introduced in gcc in order to facilitate detection of BiDi Unicode characters:

This update implements a new warning option -Wbidirectional to warn about possibly dangerous bidirectional characters.

There are three levels of warning supported by gcc: "-Wbidirectional=unpaired", which warns about improperly terminated BiDi contexts. (This is the default.) "-Wbidirectional=none", which turns the warning off. "-Wbidirectional=any", which warns about any use of bidirectional characters.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
gcc-toolset-10-gccx86_641.2.el8_5gcc-toolset-10-gcc-10.3.1-1.2.el8_5.x86_64.rpm
gcc-toolset-10-gcc-c++x86_641.2.el8_5gcc-toolset-10-gcc-c++-10.3.1-1.2.el8_5.x86_64.rpm
gcc-toolset-10-gcc-gdb-pluginx86_641.2.el8_5gcc-toolset-10-gcc-gdb-plugin-10.3.1-1.2.el8_5.x86_64.rpm
gcc-toolset-10-gcc-gfortranx86_641.2.el8_5gcc-toolset-10-gcc-gfortran-10.3.1-1.2.el8_5.x86_64.rpm
gcc-toolset-10-libasan-develx86_641.2.el8_5gcc-toolset-10-libasan-devel-10.3.1-1.2.el8_5.x86_64.rpm
gcc-toolset-10-libatomic-develx86_641.2.el8_5gcc-toolset-10-libatomic-devel-10.3.1-1.2.el8_5.x86_64.rpm
gcc-toolset-10-libitm-develx86_641.2.el8_5gcc-toolset-10-libitm-devel-10.3.1-1.2.el8_5.x86_64.rpm
gcc-toolset-10-liblsan-develx86_641.2.el8_5gcc-toolset-10-liblsan-devel-10.3.1-1.2.el8_5.x86_64.rpm
gcc-toolset-10-libquadmath-develx86_641.2.el8_5gcc-toolset-10-libquadmath-devel-10.3.1-1.2.el8_5.x86_64.rpm
gcc-toolset-10-libstdc++-develx86_641.2.el8_5gcc-toolset-10-libstdc++-devel-10.3.1-1.2.el8_5.x86_64.rpm

Показывать по

Связанные CVE

CVE-2021-42574

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2021-42574

CVSS3: 8.3
ubuntu
почти 4 года назад

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers. NOTE: the Unicode Consortium offers the following alternative approach to presenting this concern. An issue is noted in the nature of international text that can affect applications that implement support for The Unicode Standard and the Unicode Bidirectional Algorithm (all versions). Due to text display behavior when text includes left-to-right and right-to-left characters, the visual order of tokens may be different from their logical order. Additionally, control characters needed to fully support the requirements...

redhat логотип

CVE-2021-42574

CVSS3: 8.5
redhat
почти 4 года назад

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers. NOTE: the Unicode Consortium offers the following alternative approach to presenting this concern. An issue is noted in the nature of international text that can affect applications that implement support for The Unicode Standard and the Unicode Bidirectional Algorithm (all versions). Due to text display behavior when text includes left-to-right and right-to-left characters, the visual order of tokens may be different from their logical order. Additionally, control characters needed to fully support the requirements...

nvd логотип

CVE-2021-42574

CVSS3: 8.3
nvd
почти 4 года назад

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers. NOTE: the Unicode Consortium offers the following alternative approach to presenting this concern. An issue is noted in the nature of international text that can affect applications that implement support for The Unicode Standard and the Unicode Bidirectional Algorithm (all versions). Due to text display behavior when text includes left-to-right and right-to-left characters, the visual order of tokens may be different from their logical order. Additionally, control characters needed to fully support the requirements of

debian логотип

CVE-2021-42574

CVSS3: 8.3
debian
почти 4 года назад

An issue was discovered in the Bidirectional Algorithm in the Unicode ...

oracle-oval логотип

ELSA-2021-4743

oracle-oval
больше 3 лет назад

ELSA-2021-4743: llvm-toolset:ol8 security update (MODERATE)