ALSA-2021:4586

[ALSA-2021:4586] Moderate: gcc-toolset-11-gcc security update

Type:

security

Severity:

moderate

Release date:

2021-11-12

Description:

The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as related support libraries.

Security Fix(es):

* Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574)

The following changes were introduced in gcc in order to facilitate detection of BiDi Unicode characters:

This update implements a new warning option -Wbidirectional to warn about possibly dangerous bidirectional characters.

There are three levels of warning supported by gcc:
"-Wbidirectional=unpaired", which warns about improperly terminated BiDi contexts. (This is the default.)
"-Wbidirectional=none", which turns the warning off.
"-Wbidirectional=any", which warns about any use of bidirectional characters.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

CVE-2021-42574

Updated packages listed below:

Architecture	Package	Checksum
i686	gcc-toolset-11-libitm-devel-11.2.1-1.2.el8_5.i686.rpm	21ac4853950b380576a944eb11ce67fef4614d35820b3516973ec5923e8b2226
i686	gcc-toolset-11-libstdc++-devel-11.2.1-1.2.el8_5.i686.rpm	345a03800a07393a4f5e652db1a10f6b1c8f120a4e125980d2311272f29c8fc9
i686	gcc-toolset-11-libasan-devel-11.2.1-1.2.el8_5.i686.rpm	50745562e3b5651246f5010f3a4fc1c347a8c21d7f6fcdfa209bf403a2769c1a
i686	gcc-toolset-11-gcc-plugin-devel-11.2.1-1.2.el8_5.i686.rpm	53445b64d13496fa81ba1830fae25cd79457db164317f741616ff789e117ff57
i686	gcc-toolset-11-libatomic-devel-11.2.1-1.2.el8_5.i686.rpm	552276e0038c00c8caad6c4376e2c8638e4332e3b13839b04a6a1e8d972152d4
i686	gcc-toolset-11-libubsan-devel-11.2.1-1.2.el8_5.i686.rpm	5c0831d3e78837884634f872445e93ea45201ae0afddc0f18d445a32680c45aa
i686	libasan6-11.2.1-1.2.el8_5.i686.rpm	6d4bacee9941f788d0b057c050209fe30c24cbffdb1e212d339b7e94f63f9e26
i686	gcc-toolset-11-libgccjit-devel-11.2.1-1.2.el8_5.i686.rpm	c534dc0fa4152af83b9f7c7bc3d33f4d61965daa73bc1685c7f64b7143062f5d
i686	gcc-toolset-11-libquadmath-devel-11.2.1-1.2.el8_5.i686.rpm	e350ed3680ddc9de0d75e6ae9a38a26abd1f20fff4bff8faace7ac93b5284797
x86_64	gcc-toolset-11-libtsan-devel-11.2.1-1.2.el8_5.x86_64.rpm	03c09af9626131d83859752c718645ac3e3a5e9b91a2c84063c35b8b6282e840
x86_64	gcc-toolset-11-libgccjit-11.2.1-1.2.el8_5.x86_64.rpm	04b219ebb3400fa59e7cbea068d45aa2df8a1226a5fe8f0fb6545d4b80f949e0
x86_64	gcc-toolset-11-gcc-plugin-devel-11.2.1-1.2.el8_5.x86_64.rpm	23b0a74f0054cb2396c8ecbd61d28edde108570f200c33bf51c7e4ac0cff789d
x86_64	libasan6-11.2.1-1.2.el8_5.x86_64.rpm	493c9eb57806b31e31d976c117e5b77c5363baf6c1d07e8a2732c48b1a3b6dd4
x86_64	gcc-toolset-11-libgccjit-devel-11.2.1-1.2.el8_5.x86_64.rpm	500d358ac7e9d6adbd408d4df9dd738187215e0792714db5f82f4a1edb1eaeb1
x86_64	gcc-toolset-11-libstdc++-docs-11.2.1-1.2.el8_5.x86_64.rpm	5400d3784028cc9e4aa8db1fa7c7e748e95d8a934c4f6322462b1818f04a1efd
x86_64	gcc-toolset-11-libasan-devel-11.2.1-1.2.el8_5.x86_64.rpm	7d0c6a57fa0b420adeaa98a5ff2e2970ce1ad94f0ceb32043f9390bfc9f26cf9
x86_64	gcc-toolset-11-gcc-gfortran-11.2.1-1.2.el8_5.x86_64.rpm	8564b28f1b9b0cf4f3a1191572cd486324df640cfa16cec6d38fb2af68901ff8
x86_64	gcc-toolset-11-libatomic-devel-11.2.1-1.2.el8_5.x86_64.rpm	8a59d312ee5412fd9e9ac283acbe355b703614fd9efbe7ed70cc9b55c13687d7
x86_64	gcc-toolset-11-libitm-devel-11.2.1-1.2.el8_5.x86_64.rpm	8b9345c164647f6bc6cc8a75364c4ff59a4a9103c0d9dea44f402a71f3da90a7
x86_64	gcc-toolset-11-gcc-gdb-plugin-11.2.1-1.2.el8_5.x86_64.rpm	8c4317e1c455781784d89ad81d56114a08ee7700ff449ff7294ae9e4d86a51fd
x86_64	gcc-toolset-11-liblsan-devel-11.2.1-1.2.el8_5.x86_64.rpm	95f8549c41aaa35ae803ff017cb0df2f275be1979a2cacda0dd15e7a673467ad
x86_64	gcc-toolset-11-libubsan-devel-11.2.1-1.2.el8_5.x86_64.rpm	96e067a27ee5dc137de49a7ee810325d8eec2b9b5cd807161e62a5c0f08d3a27
x86_64	gcc-toolset-11-gcc-c++-11.2.1-1.2.el8_5.x86_64.rpm	a3734611edce2c633baa4400e932628b7fd6cac630eaf284454d4a7a9257b3d6
x86_64	gcc-toolset-11-libstdc++-devel-11.2.1-1.2.el8_5.x86_64.rpm	a6da1c39b3a72246e7180146057503cfcd7b0d3b89d72aa0de19ccf21e9530b3
x86_64	gcc-toolset-11-gcc-11.2.1-1.2.el8_5.x86_64.rpm	e67fd7b7898dfe9f5e3846aed46e0fce0acfe3f38dc3fe5092e3115763d88a62
x86_64	gcc-toolset-11-libgccjit-docs-11.2.1-1.2.el8_5.x86_64.rpm	f749fb19afbe55433600c6f3fac10d910c8870c9e1f5db9cfc983f0680ca3f35
x86_64	gcc-toolset-11-libquadmath-devel-11.2.1-1.2.el8_5.x86_64.rpm	fb5359647fcb96cb6c843494d7e1ad4dc8519f16a74f9e05f09dfedde37a3823

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.