annobin-9.72-1.el8.2

エラータID: AXSA:2022-2958:01

Release date: 
Friday, January 14, 2022 - 16:44
Subject: 
annobin-9.72-1.el8.2
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

Annobin provides a compiler plugin to annotate and tools to examine compiled binary files.

Security Fix(es):

* Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574)

The following changes were introduced in annobin in order to facilitate detection of BiDi Unicode characters:

This update of annobin adds a new annocheck test to detect the presence of multibyte characters in symbol names.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2021-42574
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. annobin-9.72-1.el8.2.src.rpm
    MD5: 5deb9d3d4b2c4f8a891a96e14b5c75b6
    SHA-256: 55ae2cf1b0b481b1bbcc77c9638edcd3a7db732faa5a0b93ca03abd9c2e0363d
    Size: 516.45 kB

Asianux Server 8 for x86_64
  1. annobin-9.72-1.el8.2.x86_64.rpm
    MD5: bcc5205e10ca707856a98a0993ea7d23
    SHA-256: 483ff893bacaacfb26fbbcbc585940dfd6f0060cbfb54c27b20295b870c47c97
    Size: 109.68 kB
  2. annobin-annocheck-9.72-1.el8.2.x86_64.rpm
    MD5: 9c962d240eb23de5f68adf2ec375c2b0
    SHA-256: 6e0b6ef93caaeef6cb71ff83e6dec7e6ab656f7f13c0527ea512e90f32404338
    Size: 130.75 kB