gcc-toolset-10-binutils-2.35-8.el8.6
エラータID: AXSA:2021-2879:01
リリース日:
2021/12/27 Monday - 12:38
題名:
gcc-toolset-10-binutils-2.35-8.el8.6
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- binutils には、Unicode の仕様における双方向アルゴリズムに問題
があり、これを利用して攻撃者が Unicode に対応するコンパイラの
ソースコードをエンコードし、ターゲットとなる脆弱性をレビュワー
には見えない形で導入する、トロイの木馬による攻撃が可能な脆弱性
があります。(CVE-2021-42574)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2021-42574
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.
追加情報:
N/A
ダウンロード:
SRPMS
- gcc-toolset-10-binutils-2.35-8.el8.6.src.rpm
MD5: 0d33e04247f291c220d6460bd3e9057d
SHA-256: 5e689e167c0b5063bba5eb88b5a8ddf056aac397cae8a2a81ddc07f380915e9b
Size: 21.34 MB
Asianux Server 8 for x86_64
- gcc-toolset-10-binutils-2.35-8.el8.6.x86_64.rpm
MD5: 5236b5f3c75bb26acd0ca4cfa7a4f289
SHA-256: b53b92e134640d8c8461be38523498945070ee0b0986f5efd83efc03273b6687
Size: 6.46 MB - gcc-toolset-10-binutils-devel-2.35-8.el8.6.x86_64.rpm
MD5: 0f5895e463dc477b227f665654f7dcff
SHA-256: fbe486f89c9a228afc7bc5e5dc7fdb1d839719b43efd5bf647e65bf1551e5309
Size: 1.04 MB