gcc-toolset-11-annobin-9.85-1.el8.1, gcc-toolset-11-binutils-2.36.1-1.el8.1, gcc-toolset-11-gcc-11.2.1-1.2.el8

エラータID: AXSA:2021-2882:01

Release date: 
Monday, December 27, 2021 - 21:49
Subject: 
gcc-toolset-11-annobin-9.85-1.el8.1, gcc-toolset-11-binutils-2.36.1-1.el8.1, gcc-toolset-11-gcc-11.2.1-1.2.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The binutils packages provide a collection of binary utilities for the
manipulation of object code in various object file formats. It includes the ar,
as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and
addr2line utilities.

The gcc packages provide compilers for C, C++, Java, Fortran,
Objective C, and Ada 95 GNU, as well as related support libraries.

Annobin provides a compiler plugin to annotate and tools to examine compiled
binary files.

Security Fix(es):

* Developer environment: Unicode's bidirectional (BiDi) override characters
can cause trojan source attacks (CVE-2021-42574)

The following changes were introduced in binutils in order to facilitate
detection of BiDi Unicode characters:

Tools which display names or strings (readelf, strings, nm, objdump) have a new
command line option --unicode / -U which controls how Unicode characters are
handled.

Using "--unicode=default" will treat them as normal for the tool. This is the
default behaviour when --unicode option is not used.
Using "--unicode=locale" will display them according to the current locale.
Using "--unicode=hex" will display them as hex byte values.
Using "--unicode=escape" will display them as Unicode escape sequences.
Using "--unicode=highlight" will display them as Unicode escape sequences
highlighted in red, if supported by the output device.

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE-2021-42574
An issue was discovered in the Bidirectional Algorithm in the Unicode
Specification through 14.0. It permits the visual reordering of characters via
control sequences, which can be used to craft source code that renders different
logic than the logical ordering of tokens ingested by compilers and
interpreters. Adversaries can leverage this to encode source code for compilers
accepting Unicode such that targeted vulnerabilities are introduced invisibly to
human reviewers.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. gcc-toolset-11-annobin-9.85-1.el8.1.src.rpm
    MD5: 02d4fbef211a90c9fdcc5e058e301445
    SHA-256: 47f6c5a8c719d71140fcf92c7201d59c44b173c2701a8bf31b9bb0124a503f74
    Size: 522.51 kB
  2. gcc-toolset-11-binutils-2.36.1-1.el8.1.src.rpm
    MD5: cb87ee201f621052f7699e29d874f89f
    SHA-256: bfb0ac5d8095b34f07813df5f4bd9bebb45ddcf6c5554930954d24f0d403b63f
    Size: 21.89 MB
  3. gcc-toolset-11-gcc-11.2.1-1.2.el8.src.rpm
    MD5: 2a5e9fdad6ac75df77290ba297b61de7
    SHA-256: 774f1b863292a4c65e6f98d615afdf4eb51cb49e040fe74a5fb2ecf67882dde9
    Size: 87.26 MB

Asianux Server 8 for x86_64
  1. gcc-toolset-11-annobin-annocheck-9.85-1.el8.1.x86_64.rpm
    MD5: 369ea2052f0ac5929e2d77ed5d69a371
    SHA-256: e16a6ab242f53d26a0565c538658a34427d0c619186dea7041d2cea065e78d6f
    Size: 127.14 kB
  2. gcc-toolset-11-annobin-docs-9.85-1.el8.1.noarch.rpm
    MD5: 17ef1db0d0a39d305832b489598f89ba
    SHA-256: 7ecd89081b8ca250fc922ffca114488a2dfe82a142ba594a656f777d75125c06
    Size: 92.92 kB
  3. gcc-toolset-11-annobin-plugin-gcc-9.85-1.el8.1.x86_64.rpm
    MD5: 6d7ec875b0f8ef65764e44b641086733
    SHA-256: 645fff63d3b9042a6a4639a30bbc256c3e34eef44b4e518e1f746e817c4f3790
    Size: 54.96 kB
  4. gcc-toolset-11-binutils-2.36.1-1.el8.1.x86_64.rpm
    MD5: efed6b01e5afd4f3b46afe34060978c4
    SHA-256: 5b7766c3fbda1595353328fb264d90a480102481d376d497086b526abb0567bb
    Size: 6.47 MB
  5. gcc-toolset-11-binutils-devel-2.36.1-1.el8.1.x86_64.rpm
    MD5: 9314c6abf357b771d2ebe7b2d7e41c00
    SHA-256: 0cbf0f96603df28c38902e574808d805489e10c242d4330ec3c2e27e95cd8fb8
    Size: 1.11 MB
  6. gcc-toolset-11-gcc-11.2.1-1.2.el8.x86_64.rpm
    MD5: 90f937e432a8ac82cc0f4625e35562ff
    SHA-256: 98b0571c6d133745e0344e2b98f9ba5f640407682773a9f61afbd622218e6ee4
    Size: 32.94 MB
  7. gcc-toolset-11-gcc-c++-11.2.1-1.2.el8.x86_64.rpm
    MD5: e2b361e8d853d0cfeb02cd90bffa8311
    SHA-256: a6511754b807953e29b39caa9466018f74157b907289902b9fbcd62a0b258816
    Size: 12.80 MB
  8. gcc-toolset-11-gcc-gdb-plugin-11.2.1-1.2.el8.x86_64.rpm
    MD5: 1975b1366a8fe6b6ed8c847b4b0dd61a
    SHA-256: cb41cb97020a136fe13d27fd177be0ebf89994fada357086e7142a554430add0
    Size: 113.70 kB
  9. gcc-toolset-11-gcc-gfortran-11.2.1-1.2.el8.x86_64.rpm
    MD5: 208c8d728c7c5935c18e6f3713073d43
    SHA-256: 60542e6c01b2525ab6f867c089d0d1d7222d75205b9d8660246e8a074d25b63c
    Size: 13.47 MB
  10. gcc-toolset-11-gcc-plugin-devel-11.2.1-1.2.el8.x86_64.rpm
    MD5: a2221a5934279484cf44e4535ff9be38
    SHA-256: 3036c39022a729629d2e09c96cf90c8b2cd99e44493c06173554d2a5e32027c3
    Size: 1.56 MB
  11. gcc-toolset-11-libasan-devel-11.2.1-1.2.el8.x86_64.rpm
    MD5: 8fa7dedb72b4646e14ce0b0ada19d111
    SHA-256: 1e1f809a4609ffa8a1c934a73d6ce1e4bd0cf01000584f19b1a46602d3bc58dd
    Size: 460.39 kB
  12. gcc-toolset-11-libatomic-devel-11.2.1-1.2.el8.x86_64.rpm
    MD5: d762e81dfecbb1a0451a83b79af4d993
    SHA-256: e27f6716dd61f112d29532e8fec385128ec31b5ae120dee708fb8fd863d1e60a
    Size: 25.93 kB
  13. gcc-toolset-11-libgccjit-11.2.1-1.2.el8.x86_64.rpm
    MD5: 731af0c448d3e6784d26293aa5b2a1cb
    SHA-256: afda8b0fb8dcdb7fcafa03e234a2e144e5350c71a10f5c5a09fdbb0a12cf9d7e
    Size: 8.78 MB
  14. gcc-toolset-11-libgccjit-devel-11.2.1-1.2.el8.x86_64.rpm
    MD5: d636430d0be553816bb78b5798d011ae
    SHA-256: 6dc1a4d3f29ac1739d5be2d83a05188e7ef80ad7d6a3895b6b2931d6aa5754c7
    Size: 30.27 kB
  15. gcc-toolset-11-libgccjit-docs-11.2.1-1.2.el8.x86_64.rpm
    MD5: bbe0da43e60296587246195d08efb36b
    SHA-256: 4246a86eddd996d813e3f849fa64b12a0b8ce7b160ad4c0833deaa6e17505fc8
    Size: 589.14 kB
  16. gcc-toolset-11-libitm-devel-11.2.1-1.2.el8.x86_64.rpm
    MD5: b955882703c4eb94ca810a7a1ba7b700
    SHA-256: 02f6f9b87cce5a4cb504714fe5e403c35bbe7a140443d92c485362097903c0b1
    Size: 59.74 kB
  17. gcc-toolset-11-liblsan-devel-11.2.1-1.2.el8.x86_64.rpm
    MD5: f794c40a7b3b2e8f651514aca6067269
    SHA-256: 7e8596164e17dcf45742d0ae09d2a40472c49ad8d2998690dd2b8bd2f4a32797
    Size: 234.77 kB
  18. gcc-toolset-11-libquadmath-devel-11.2.1-1.2.el8.x86_64.rpm
    MD5: ce775febe7aa32b3f868795d1ca107eb
    SHA-256: 8229e618518956b11b9cfa91d201e6f24066ed302014aaf7805c584034b43739
    Size: 178.67 kB
  19. gcc-toolset-11-libstdc++-devel-11.2.1-1.2.el8.x86_64.rpm
    MD5: fca59a7a3c266f1cce5a7ae845a22349
    SHA-256: fe0d5f79de1befd30eca4b41f5837f74d0fdebc9ac5714eee38e6c2e10892173
    Size: 3.24 MB
  20. gcc-toolset-11-libstdc++-docs-11.2.1-1.2.el8.x86_64.rpm
    MD5: ad314aad2e4589705bb21c6f64844d7a
    SHA-256: 117d89b32f65087b17652b1fa8369d2c1326242d979bd0085151f1462e6def99
    Size: 11.77 MB
  21. gcc-toolset-11-libtsan-devel-11.2.1-1.2.el8.x86_64.rpm
    MD5: 4ddb1ab298244b5d2a4ce147bc9a3a67
    SHA-256: c0991df284b18d24c0506cbe0b8ac6a721f9aced475a9155c1586c5bc43ef1f1
    Size: 429.30 kB
  22. gcc-toolset-11-libubsan-devel-11.2.1-1.2.el8.x86_64.rpm
    MD5: c23ff51635d909d8782d1a98eae4bd40
    SHA-256: 47f99e123394aa46636292b8eaa09c71b9ee0624c83245830a6a904fb646dede
    Size: 221.71 kB
  23. libasan6-11.2.1-1.2.el8.x86_64.rpm
    MD5: 552f5b1578b579016df852691af7ab07
    SHA-256: 4e5e4b9c41a728b28843ef12b517bc261ee00984c6eb098e9cbc2f1f5ac2ef67
    Size: 396.52 kB