Advisories

Synopsis:          Moderate: binutils security update
Advisory ID:       SLSA-2021:4033-1
Issue Date:        2021-11-02
CVE Numbers:       CVE-2021-42574
--

Security Fix(es):

* Developer environment: Unicode's bidirectional (BiDi) override
characters  can cause trojan source attacks (CVE-2021-42574)

The following changes were introduced in binutils in order to facilitate
detection of BiDi Unicode characters:

Tools which display names or strings (readelf, strings, nm, objdump) have
a  new command line option --unicode / -U which controls how Unicode
characters are handled.

Using "--unicode=default" will treat them as normal for the tool. This is
the default behaviour when --unicode option is not used.  Using "--
unicode=locale" will display them according to the current locale.  Using
"--unicode=hex" will display them as hex byte values.  Using "--
unicode=escape" will display them as Unicode escape sequences.  Using "--
unicode=highlight" will display them as Unicode escape sequences
highlighted in red, if supported by the output device.

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE


---
SL7
 x86_64
 - binutils-2.27-44.base.el7_9.1.x86_64.rpm
 - binutils-debuginfo-2.27-44.base.el7_9.1.i686.rpm
 - binutils-debuginfo-2.27-44.base.el7_9.1.x86_64.rpm
 - binutils-devel-2.27-44.base.el7_9.1.i686.rpm
 - binutils-devel-2.27-44.base.el7_9.1.x86_64.rpm
--

- Scientific Linux Development Team

SciLinux: SLSA-2021-4033-1 Moderate: binutils on SL7.x x86_64

Summary

Moderate: binutils security update



Security Fixes

* Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574)
The following changes were introduced in binutils in order to facilitate detection of BiDi Unicode characters:
Tools which display names or strings (readelf, strings, nm, objdump) have characters are handled.
unicode=locale" will display them according to the current locale. Using unicode=highlight" will display them as Unicode escape sequences highlighted in red, if supported by the output device.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE

SL7 x86_64 - binutils-2.27-44.base.el7_9.1.x86_64.rpm - binutils-debuginfo-2.27-44.base.el7_9.1.i686.rpm - binutils-debuginfo-2.27-44.base.el7_9.1.x86_64.rpm - binutils-devel-2.27-44.base.el7_9.1.i686.rpm - binutils-devel-2.27-44.base.el7_9.1.x86_64.rpm
- Scientific Linux Development Team

Severity
Advisory ID: SLSA-2021:4033-1
Issued Date: : 2021-11-02
CVE Numbers: CVE-2021-42574
Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.