gcc-toolset-10-binutils-2.35-8.el8.6

The binutils packages provide a collection of binary utilities for the
manipulation of object code in various object file formats. It includes the ar,
as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and
addr2line utilities.

Security Fix(es):

* Developer environment: Unicode's bidirectional (BiDi) override characters
can cause trojan source attacks (CVE-2021-42574)

The following changes were introduced in gcc in order to facilitate detection of
BiDi Unicode characters:

This update implements a new warning option -Wbidirectional to warn about
possibly dangerous bidirectional characters.

There are three levels of warning supported by gcc:
"-Wbidirectional=unpaired", which warns about improperly terminated BiDi
contexts. (This is the default.)
"-Wbidirectional=none", which turns the warning off.
"-Wbidirectional=any", which warns about any use of bidirectional characters.

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE-2021-42574
An issue was discovered in the Bidirectional Algorithm in the Unicode
Specification through 14.0. It permits the visual reordering of characters via
control sequences, which can be used to craft source code that renders different
logic than the logical ordering of tokens ingested by compilers and
interpreters. Adversaries can leverage this to encode source code for compilers
accepting Unicode such that targeted vulnerabilities are introduced invisibly to
human reviewers.

CVE(s):
CVE-2021-42574