gcc-toolset-10-annobin-9.29-1.el8.2, gcc-toolset-10-gcc-10.3.1-1.2.el8

エラータID: AXSA:2021-2881:01

Release date: 
Monday, December 27, 2021 - 20:19
Subject: 
gcc-toolset-10-annobin-9.29-1.el8.2, gcc-toolset-10-gcc-10.3.1-1.2.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and
Ada 95 GNU, as well as related support libraries.

Annobin provides a compiler plugin to annotate and tools to examine compiled
binary files.

Security Fix(es):

* Developer environment: Unicode's bidirectional (BiDi) override characters
can cause trojan source attacks (CVE-2021-42574)

The following changes were introduced in gcc in order to facilitate detection of
BiDi Unicode characters:

This update implements a new warning option -Wbidirectional to warn about
possibly dangerous bidirectional characters.

There are three levels of warning supported by gcc:
"-Wbidirectional=unpaired", which warns about improperly terminated BiDi
contexts. (This is the default.)
"-Wbidirectional=none", which turns the warning off.
"-Wbidirectional=any", which warns about any use of bidirectional characters.

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE-2021-42574
An issue was discovered in the Bidirectional Algorithm in the Unicode
Specification through 14.0. It permits the visual reordering of characters via
control sequences, which can be used to craft source code that renders different
logic than the logical ordering of tokens ingested by compilers and
interpreters. Adversaries can leverage this to encode source code for compilers
accepting Unicode such that targeted vulnerabilities are introduced invisibly to
human reviewers.

CVE(s):
CVE-2021-42574

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. gcc-toolset-10-annobin-9.29-1.el8.2.src.rpm
    MD5: d2e39fa1d61b576dc5d2a93ee0421a1d
    SHA-256: 5b51c5905ed817de54addbd4f8b847e40f68607d1b02b894336e287897fe98c6
    Size: 504.77 kB
  2. gcc-toolset-10-gcc-10.3.1-1.2.el8.src.rpm
    MD5: 261285fb187fa2cb54a3695faa4907ef
    SHA-256: 1e9a6f8f1fbf53a784d7537fde7f8ba8f35097e18f95dd5979cfda41538558f1
    Size: 80.05 MB

Asianux Server 8 for x86_64
  1. gcc-toolset-10-annobin-9.29-1.el8.2.x86_64.rpm
    MD5: ff414401b87778539560f67552fd1fc2
    SHA-256: 5eb64726b7db4698e2784ea0e87f5975c7355cb51e0596a2cdc0f8a534d48e79
    Size: 88.61 kB
  2. gcc-toolset-10-gcc-10.3.1-1.2.el8.x86_64.rpm
    MD5: a58cc6009ae2cd913592f32ec6161a7d
    SHA-256: 78784e8b8f1f5814707c5b21c7fbd5cc16e6bd21dfd78a87c3709886030d8912
    Size: 31.35 MB
  3. gcc-toolset-10-gcc-c++-10.3.1-1.2.el8.x86_64.rpm
    MD5: 8ea3c4bc88228f84c6b36e585af0546a
    SHA-256: bf165b6726bf3aee2767c3c5833739df679a8ea9a3d6e739fbded91e76e6469c
    Size: 11.92 MB
  4. gcc-toolset-10-gcc-gdb-plugin-10.3.1-1.2.el8.x86_64.rpm
    MD5: 07d26da25df6f67d22c00ea33d3302ab
    SHA-256: 91a2b2497584fb9b0fe4925ba0a398affedbd9db362d6817eed7a3ce9c45c011
    Size: 112.71 kB
  5. gcc-toolset-10-gcc-gfortran-10.3.1-1.2.el8.x86_64.rpm
    MD5: 9543291902396d206ecceaba7a3616c0
    SHA-256: c02088f668cd533729ed0c642c66b22ea7ecedefcf1cfa9e112d9e878438d64b
    Size: 12.84 MB
  6. gcc-toolset-10-libasan-devel-10.3.1-1.2.el8.x86_64.rpm
    MD5: c758908348f8676385d4f626e22ec7f8
    SHA-256: c78e6912d697e11e7f3cac2f61cc7eaca961cc9ed9b0b7f1c02a7b2fc14eb31e
    Size: 445.53 kB
  7. gcc-toolset-10-libatomic-devel-10.3.1-1.2.el8.x86_64.rpm
    MD5: b1d44c94aabb4a8203ce1c247a2eb2bc
    SHA-256: 92eb43510a7a4d5fb72f68e1a6d1c0dd347a846381a0cc66956d2b190cae6d6b
    Size: 23.97 kB
  8. gcc-toolset-10-libitm-devel-10.3.1-1.2.el8.x86_64.rpm
    MD5: 8376bf52c1dfa123f0bd3f95723fa55d
    SHA-256: a6e0b987909085932737801b6fab6809f116a84a908be695d18c776d8a62f4b1
    Size: 58.04 kB
  9. gcc-toolset-10-liblsan-devel-10.3.1-1.2.el8.x86_64.rpm
    MD5: d84fd3bab1675f0bb95f4fe6bcef3adf
    SHA-256: 91898df5b999295ca7033993eacafb7f2b14c8800adb0d2819f891157631c275
    Size: 224.34 kB
  10. gcc-toolset-10-libquadmath-devel-10.3.1-1.2.el8.x86_64.rpm
    MD5: f0f332262cf89c16b6f3509c15593da3
    SHA-256: 4e26cdc79e41c701339d958f7d4646f6ddd09410f2f2b12ff629f4bf2da45c48
    Size: 177.57 kB
  11. gcc-toolset-10-libstdc++-devel-10.3.1-1.2.el8.x86_64.rpm
    MD5: 8dd3854da7ff12d3c19e52e4886d358c
    SHA-256: 4ebf4de1794309743f7e5711a7fa0f38449d20dd5cd2854b6d3f0306356b73f0
    Size: 2.95 MB
  12. gcc-toolset-10-libstdc++-docs-10.3.1-1.2.el8.x86_64.rpm
    MD5: 7571537c8971f42655cc7619881bc954
    SHA-256: c81186fe77139672749163c4906164a1950a608a99fea810cc8faf55a548717e
    Size: 11.18 MB
  13. gcc-toolset-10-libtsan-devel-10.3.1-1.2.el8.x86_64.rpm
    MD5: 61c17a85252384656bdf8c0d10022190
    SHA-256: 3b4a32436da9251e161b04361928f08d5197c1fbf36affb897eea6f1267da36b
    Size: 414.61 kB
  14. gcc-toolset-10-libubsan-devel-10.3.1-1.2.el8.x86_64.rpm
    MD5: af828099e7cc9d4ff73c5055e53bdf0a
    SHA-256: 3ee75559a1005d113fa179b4be5099c80ab1c0e0b8bc72f6fdad121af1c8b1bb
    Size: 210.90 kB
  15. libasan6-10.3.1-1.2.el8.x86_64.rpm
    MD5: 0d0929e56a76b5d2dd683713765d3d70
    SHA-256: fa11af1b131243e9744db11675bbca50b16d21bbecedf2f11c81a2f7e30a16eb
    Size: 384.46 kB