drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Eingabeprüfung in devtoolset-11-annobin
Name: |
Mangelnde Eingabeprüfung in devtoolset-11-annobin |
|
ID: |
RHSA-2021:4729-01 |
|
Distribution: |
Red Hat |
|
Plattformen: |
Red Hat Software Collections |
|
Datum: |
Do, 18. November 2021, 21:10 |
|
Referenzen: |
https://access.redhat.com/security/cve/CVE-2021-42574
https://access.redhat.com/security/vulnerabilities/RHSB-2021-007 |
|
Applikationen: |
devtoolset-11-annobin |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: devtoolset-11-annobin security update Advisory ID: RHSA-2021:4729-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2021:4729 Issue date: 2021-11-18 CVE Names: CVE-2021-42574 =====================================================================
1. Summary:
An update for devtoolset-11-annobin is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
3. Description:
Annobin provides a compiler plugin to annotate and tools to examine compiled binary files.
Security Fix(es):
* Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574)
The following changes were introduced in annobin in order to facilitate detection of BiDi Unicode characters:
This update of annobin adds a new annocheck test to detect the presence of multibyte characters in symbol names.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
2005819 - CVE-2021-42574 Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks
6. Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: devtoolset-11-annobin-9.82-1.el7.1.src.rpm
noarch: devtoolset-11-annobin-docs-9.82-1.el7.1.noarch.rpm
ppc64: devtoolset-11-annobin-annocheck-9.82-1.el7.1.ppc64.rpm devtoolset-11-annobin-debuginfo-9.82-1.el7.1.ppc64.rpm devtoolset-11-annobin-plugin-gcc-9.82-1.el7.1.ppc64.rpm
ppc64le: devtoolset-11-annobin-annocheck-9.82-1.el7.1.ppc64le.rpm devtoolset-11-annobin-debuginfo-9.82-1.el7.1.ppc64le.rpm devtoolset-11-annobin-plugin-gcc-9.82-1.el7.1.ppc64le.rpm
s390x: devtoolset-11-annobin-annocheck-9.82-1.el7.1.s390x.rpm devtoolset-11-annobin-debuginfo-9.82-1.el7.1.s390x.rpm devtoolset-11-annobin-plugin-gcc-9.82-1.el7.1.s390x.rpm
x86_64: devtoolset-11-annobin-annocheck-9.82-1.el7.1.x86_64.rpm devtoolset-11-annobin-debuginfo-9.82-1.el7.1.x86_64.rpm devtoolset-11-annobin-plugin-gcc-9.82-1.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):
Source: devtoolset-11-annobin-9.82-1.el7.1.src.rpm
noarch: devtoolset-11-annobin-docs-9.82-1.el7.1.noarch.rpm
ppc64: devtoolset-11-annobin-annocheck-9.82-1.el7.1.ppc64.rpm devtoolset-11-annobin-debuginfo-9.82-1.el7.1.ppc64.rpm devtoolset-11-annobin-plugin-gcc-9.82-1.el7.1.ppc64.rpm
ppc64le: devtoolset-11-annobin-annocheck-9.82-1.el7.1.ppc64le.rpm devtoolset-11-annobin-debuginfo-9.82-1.el7.1.ppc64le.rpm devtoolset-11-annobin-plugin-gcc-9.82-1.el7.1.ppc64le.rpm
s390x: devtoolset-11-annobin-annocheck-9.82-1.el7.1.s390x.rpm devtoolset-11-annobin-debuginfo-9.82-1.el7.1.s390x.rpm devtoolset-11-annobin-plugin-gcc-9.82-1.el7.1.s390x.rpm
x86_64: devtoolset-11-annobin-annocheck-9.82-1.el7.1.x86_64.rpm devtoolset-11-annobin-debuginfo-9.82-1.el7.1.x86_64.rpm devtoolset-11-annobin-plugin-gcc-9.82-1.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: devtoolset-11-annobin-9.82-1.el7.1.src.rpm
noarch: devtoolset-11-annobin-docs-9.82-1.el7.1.noarch.rpm
x86_64: devtoolset-11-annobin-annocheck-9.82-1.el7.1.x86_64.rpm devtoolset-11-annobin-debuginfo-9.82-1.el7.1.x86_64.rpm devtoolset-11-annobin-plugin-gcc-9.82-1.el7.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-42574 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/security/vulnerabilities/RHSB-2021-007
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYZZmBNzjgjWX9erEAQh70A/9HG8OIuhA3BL1C+bG6+lX2bsIke99PApB lXL2fyRtB+/F+L0ak77WNxK8tImb9F6QFLFa241EiwBKeQ4sGy4es/tZ8b5L3ad8 9Tb34+W2OZ3qjyZG9ni5vNEopu4t/6URZ9EUwp4B4EEH55nhwibCS0XBPWXSn/mi YKdorAiWUjWh6emNbSuiTMfbXd2QMThIMisG/ZPmAZDR2+PsjErgWItHg1YmLbmU N0gTKqoYPQbHKqF5p4SgzMV8LJlfllR4y6do3vT7392QBlyqtBw1I+MvoRrot247 LADC3W8kHwuxzdYvFW/05QrTPbkFWIvQV5MOKHL4+vbS3/eDFvX1NqWXRTVouj1Z /StR8Obq1kagwV3K5bsFzPmBzc53Oejl7lp7KHJ+cVNgeabdYtVYWS5rAP+wFlrV kXRXwIdPSbxlLY5OU4LpVNZ+ZpGGZ82oL7+hV0WLp7CGNaHuRVlToMyEFo7sYIqK K0INIfN+bz5RO93VofbEBUP6AZO/NZLsEKeDiQNyq0WdFYOeI3o8JSC3Vhv38+vh Z13G0VCT0hQn96Yd0Fgv4vKUZYI3hDlb6mEupFTUVK+KAKyCrG5BBx7i7jTBXt4H tVTzHPuf2bMiPUeKEMyFLeMQkEPYDujoxMwaxIQhohPCO/i6xWpDP16EQn5H+UcD x5ZpMEpNVEE= =LJM+ -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
|
|
|
|