[ALSA-2021:4649] Moderate: gcc-toolset-10-binutils security update
Type:
security
Severity:
moderate
Release date:
2021-11-16
Description:
The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities. Security Fix(es): * Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574) The following changes were introduced in binutils in order to facilitate detection of BiDi Unicode characters: Tools which display names or strings (readelf, strings, nm, objdump) have a new command line option --unicode / -U which controls how Unicode characters are handled. Using "--unicode=default" will treat them as normal for the tool. This is the default behaviour when --unicode option is not used. Using "--unicode=locale" will display them according to the current locale. Using "--unicode=hex" will display them as hex byte values. Using "--unicode=escape" will display them as Unicode escape sequences. Using "--unicode=highlight" will display them as Unicode escape sequences highlighted in red, if supported by the output device. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
i686 gcc-toolset-10-binutils-devel-2.35-8.el8_5.6.i686.rpm 20fa60a86c24e014066f45c05d21e2988b8d3455b2f72c06263e7ec31a41ee7b
x86_64 gcc-toolset-10-binutils-devel-2.35-8.el8_5.6.x86_64.rpm 42c33ef6db364d366a6a194208aed7decfa4591d54c57d72df0f729b386d8480
x86_64 gcc-toolset-10-binutils-2.35-8.el8_5.6.x86_64.rpm ed0780136beec3f0d876616e8922c8c4e42120c9526e3e8730ef24956b7482a7
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.