annobin-9.72-1.el8.2
エラータID: AXSA:2022-2958:01
リリース日:
2022/01/14 Friday - 16:44
題名:
annobin-9.72-1.el8.2
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- annobin には、Unicode の仕様における双方向アルゴリズムに問題があり、
これを利用して攻撃者が Unicode に対応するコンパイラのソースコードを
エンコードし、ターゲットとなる脆弱性をレビュワーには見えない形で導入する、
トロイの木馬による攻撃が可能な脆弱性があります。(CVE-2021-42574)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2021-42574
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.
追加情報:
N/A
ダウンロード:
SRPMS
- annobin-9.72-1.el8.2.src.rpm
MD5: 5deb9d3d4b2c4f8a891a96e14b5c75b6
SHA-256: 55ae2cf1b0b481b1bbcc77c9638edcd3a7db732faa5a0b93ca03abd9c2e0363d
Size: 516.45 kB
Asianux Server 8 for x86_64
- annobin-9.72-1.el8.2.x86_64.rpm
MD5: bcc5205e10ca707856a98a0993ea7d23
SHA-256: 483ff893bacaacfb26fbbcbc585940dfd6f0060cbfb54c27b20295b870c47c97
Size: 109.68 kB - annobin-annocheck-9.72-1.el8.2.x86_64.rpm
MD5: 9c962d240eb23de5f68adf2ec375c2b0
SHA-256: 6e0b6ef93caaeef6cb71ff83e6dec7e6ab656f7f13c0527ea512e90f32404338
Size: 130.75 kB