ALSA-2021:4591

See a problem?
Please try reporting it to the source first.

Source

https://errata.almalinux.org/8/ALSA-2021-4591.html

Import Source

https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4591.json

JSON Data

https://api.osv.dev/v1/vulns/ALSA-2021:4591

Related

CVE-2021-42574

Published

2021-11-10T08:38:54Z

Modified

2021-11-12T16:17:39Z

Summary

Moderate: gcc-toolset-11-annobin security update

Details

Annobin provides a compiler plugin to annotate and tools to examine compiled binary files.

Security Fix(es):

Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574)

The following changes were introduced in annobin in order to facilitate detection of BiDi Unicode characters:

This update of annobin adds a new annocheck test to detect the presence of multibyte characters in symbol names.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

https://vulners.com/cve/CVE-2021-42574

Affected packages

AlmaLinux:8 / gcc-toolset-11-annobin-annocheck

Package

Name: gcc-toolset-11-annobin-annocheck

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.85-1.el8_5.1

AlmaLinux:8 / gcc-toolset-11-annobin-docs

Package

Name: gcc-toolset-11-annobin-docs

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.85-1.el8_5.1

AlmaLinux:8 / gcc-toolset-11-annobin-plugin-gcc

Package

Name: gcc-toolset-11-annobin-plugin-gcc

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.85-1.el8_5.1