RLSA-2021:4743

See a problem?
Please try reporting it to the source first.

Source

https://errata.rockylinux.org/RLSA-2021:4743

Import Source

https://storage.googleapis.com/resf-osv-data/RLSA-2021:4743.json

JSON Data

https://api.osv.dev/v1/vulns/RLSA-2021:4743

Related

CVE-2021-42574

Published

2021-11-18T16:29:15Z

Modified

2023-02-02T14:12:13.836056Z

Severity

8.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Summary

Moderate: llvm-toolset:rhel8 security update

Details

LLVM Toolset provides the LLVM compiler infrastructure framework, the Clang compiler for the C and C++ languages, the LLDB debugger, and related tools for code analysis.

Security Fix(es):

Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574)

The following changes were introduced in clang in order to facilitate detection of BiDi Unicode characters:

clang-tidy now finds identifiers that contain Unicode characters with right-to-left direction, which can be confusing as they may change the understanding of a whole statement.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Credits

- Rocky Enterprise Software Foundation
- Red Hat

Affected packages

Rocky Linux:8 / clang

Package

Name: clang
Purl: pkg:rpm/rocky-linux/clang?distro=rocky-linux-8-5-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:12.0.1-4.module+el8.5.0+715+58f51d49

Rocky Linux:8 / compiler-rt

Package

Name: compiler-rt
Purl: pkg:rpm/rocky-linux/compiler-rt?distro=rocky-linux-8-5-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:12.0.1-1.module+el8.5.0+692+8756646f

Rocky Linux:8 / libomp

Package

Name: libomp
Purl: pkg:rpm/rocky-linux/libomp?distro=rocky-linux-8-5-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:12.0.1-1.module+el8.5.0+692+8756646f

Rocky Linux:8 / lld

Package

Name: lld
Purl: pkg:rpm/rocky-linux/lld?distro=rocky-linux-8-5-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:12.0.1-1.module+el8.5.0+692+8756646f

Rocky Linux:8 / lldb

Package

Name: lldb
Purl: pkg:rpm/rocky-linux/lldb?distro=rocky-linux-8-5-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:12.0.1-1.module+el8.5.0+692+8756646f

Rocky Linux:8 / llvm

Package

Name: llvm
Purl: pkg:rpm/rocky-linux/llvm?distro=rocky-linux-8-5-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:12.0.1-2.module+el8.5.0+692+8756646f

Rocky Linux:8 / llvm-toolset

Package

Name: llvm-toolset
Purl: pkg:rpm/rocky-linux/llvm-toolset?distro=rocky-linux-8-5-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:12.0.1-1.module+el8.5.0+692+8756646f

Rocky Linux:8 / python-lit

Package

Name: python-lit
Purl: pkg:rpm/rocky-linux/python-lit?distro=rocky-linux-8-5-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:12.0.1-1.module+el8.5.0+692+8756646f