Synopsis:          Moderate: binutils security update
Advisory ID:       SLSA-2021:4033-1
Issue Date:        2021-11-02
CVE Numbers:       CVE-2021-42574
--

Security Fix(es):

* Developer environment: Unicode's bidirectional (BiDi) override
characters  can cause trojan source attacks (CVE-2021-42574)

The following changes were introduced in binutils in order to facilitate
detection of BiDi Unicode characters:

Tools which display names or strings (readelf, strings, nm, objdump) have
a  new command line option --unicode / -U which controls how Unicode
characters are handled.

Using "--unicode=default" will treat them as normal for the tool. This is
the default behaviour when --unicode option is not used.  Using "--
unicode=locale" will display them according to the current locale.  Using
"--unicode=hex" will display them as hex byte values.  Using "--
unicode=escape" will display them as Unicode escape sequences.  Using "--
unicode=highlight" will display them as Unicode escape sequences
highlighted in red, if supported by the output device.

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE


---
SL7
 x86_64
 - binutils-2.27-44.base.el7_9.1.x86_64.rpm
 - binutils-debuginfo-2.27-44.base.el7_9.1.i686.rpm
 - binutils-debuginfo-2.27-44.base.el7_9.1.x86_64.rpm
 - binutils-devel-2.27-44.base.el7_9.1.i686.rpm
 - binutils-devel-2.27-44.base.el7_9.1.x86_64.rpm
--

- Scientific Linux Development Team