ALSA-2021:4587

[ALSA-2021:4587] Moderate: gcc security update

Type:

security

Severity:

moderate

Release date:

2021-11-18

Description:

The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as related support libraries.

Security Fix(es):

* Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574)

The following changes were introduced in gcc in order to facilitate detection of BiDi Unicode characters:

This update implements a new warning option -Wbidirectional to warn about possibly dangerous bidirectional characters.

There are three levels of warning supported by gcc:
"-Wbidirectional=unpaired", which warns about improperly terminated BiDi contexts. (This is the default.)
"-Wbidirectional=none", which turns the warning off.
"-Wbidirectional=any", which warns about any use of bidirectional characters.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

CVE-2021-42574

Updated packages listed below:

Architecture	Package	Checksum
i686	libquadmath-devel-8.5.0-4.el8_5.alma.i686.rpm	3e6b8fb19a035e74f47d3c08c8eba120a669de2d22b1e4f48ecf2b03008b6391
i686	libstdc++-devel-8.5.0-4.el8_5.alma.i686.rpm	662e66985087e13a5765368f95e359d3d7d9339c5c96840d5d7f3365a247a4c8
i686	gcc-gdb-plugin-8.5.0-4.el8_5.alma.i686.rpm	c0202ac8d00e914142e61d9da334c3d0961612b2d13e950051b63a4db6ef7f80
i686	libstdc++-static-8.5.0-4.el8_5.alma.i686.rpm	c7ae32f7cb8e3f7f9512d491697178a28c3357c0a751115f79aa0942532d0fe0
i686	libitm-devel-8.5.0-4.el8_5.alma.i686.rpm	ce4e862c70268cd805721f3c368c5c3941d0406483f1fa4322c584dc28d5b9f1
i686	gcc-plugin-devel-8.5.0-4.el8_5.alma.i686.rpm	e9ee830f90aa962e0812ec8d5496b01f698238d6358928c0532938413208f0ee
x86_64	libstdc++-docs-8.5.0-4.el8_5.alma.x86_64.rpm	00451f306a19e42fc652cd451e9b4435b6259945d05afd9a60ccd3cabf114b9b
x86_64	libstdc++-devel-8.5.0-4.el8_5.alma.x86_64.rpm	32c700a4e9ad97ac3b46fc9800a7679a4c45b355986474d56b6124a29f96f66e
x86_64	gcc-c++-8.5.0-4.el8_5.alma.x86_64.rpm	508186792deac768f926d5610e6bcfc063f1ade476533aa88a226c3adbb2af87
x86_64	gcc-offload-nvptx-8.5.0-4.el8_5.alma.x86_64.rpm	6f8f7fb062e711cda7b3e412ee27c87ddd871e81b32dc63138bba4d13ef23e0e
x86_64	gcc-gdb-plugin-8.5.0-4.el8_5.alma.x86_64.rpm	76bea9a08c368bd280bfea678fe7c9319cb2f34b1742f34edebe8f420912e7ec
x86_64	gcc-plugin-devel-8.5.0-4.el8_5.alma.x86_64.rpm	8a7e6ddaa91eeca0f9f30200d53df560a685aa28353e0808cb08f592bb16a84e
x86_64	gcc-8.5.0-4.el8_5.alma.x86_64.rpm	947c02f7c002e80dcc56b199a18b09e39c3854092e6080680c7a46ed8c0cdf16
x86_64	libquadmath-devel-8.5.0-4.el8_5.alma.x86_64.rpm	9d44b0efdc1ca0f5582f94c0d2ebb2ed10abc64700fa14e5f0187ddb52896a3d
x86_64	libitm-devel-8.5.0-4.el8_5.alma.x86_64.rpm	c579e87ad3c4d2a6d12cdc273b43255fe763aa551410d1df3f6c36752be74e43
x86_64	cpp-8.5.0-4.el8_5.alma.x86_64.rpm	d9a15bdcdbffef6f59037a7f6cb6e2f24aa2edd4f03e54a1e5578b31be59db26
x86_64	libstdc++-static-8.5.0-4.el8_5.alma.x86_64.rpm	e0b692d3c926461752da3a42e1ccab9b487007598c3c7ec2aeac1b7c40bd8fae
x86_64	gcc-gfortran-8.5.0-4.el8_5.alma.x86_64.rpm	fab02bd58ba9918c957d6a7f323093e0c8a51b78a372f205bf86e913e1971d56

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.