Subject: | |
From: | |
Reply To: | |
Date: | Tue, 2 Nov 2021 12:53:54 -0000 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Synopsis: Moderate: binutils security update
Advisory ID: SLSA-2021:4033-1
Issue Date: 2021-11-02
CVE Numbers: CVE-2021-42574
--
Security Fix(es):
* Developer environment: Unicode's bidirectional (BiDi) override
characters can cause trojan source attacks (CVE-2021-42574)
The following changes were introduced in binutils in order to facilitate
detection of BiDi Unicode characters:
Tools which display names or strings (readelf, strings, nm, objdump) have
a new command line option --unicode / -U which controls how Unicode
characters are handled.
Using "--unicode=default" will treat them as normal for the tool. This is
the default behaviour when --unicode option is not used. Using "--
unicode=locale" will display them according to the current locale. Using
"--unicode=hex" will display them as hex byte values. Using "--
unicode=escape" will display them as Unicode escape sequences. Using "--
unicode=highlight" will display them as Unicode escape sequences
highlighted in red, if supported by the output device.
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
---
SL7
x86_64
- binutils-2.27-44.base.el7_9.1.x86_64.rpm
- binutils-debuginfo-2.27-44.base.el7_9.1.i686.rpm
- binutils-debuginfo-2.27-44.base.el7_9.1.x86_64.rpm
- binutils-devel-2.27-44.base.el7_9.1.i686.rpm
- binutils-devel-2.27-44.base.el7_9.1.x86_64.rpm
--
- Scientific Linux Development Team
|
|
|