Explore top 10 tips to secure your open-source projects now. Read More
×
Synopsis: Moderate: binutils security update Advisory ID: SLSA-2021:4033-1 Issue Date: 2021-11-02 CVE Numbers: CVE-2021-42574 -- Security Fix(es): * Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574) The following changes were introduced in binutils in order to facilitate detection of BiDi Unicode characters: Tools which display names or strings (readelf, strings, nm, objdump) have a new command line option --unicode / -U which controls how Unicode characters are handled. Using "--unicode=default" will treat them as normal for the tool. This is the default behaviour when --unicode option is not used. Using "-- unicode=locale" will display them according to the current locale. Using "--unicode=hex" will display them as hex byte values. Using "-- unicode=escape" will display them as Unicode escape sequences. Using "-- unicode=highlight" will display them as Unicode escape sequences highlighted in red, if supported by the output device. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE --- SL7 x86_64 - binutils-2.27-44.base.el7_9.1.x86_64.rpm - binutils-debuginfo-2.27-44.base.el7_9.1.i686.rpm - binutils-debuginfo-2.27-44.base.el7_9.1.x86_64.rpm - binutils-devel-2.27-44.base.el7_9.1.i686.rpm - binutils-devel-2.27-44.base.el7_9.1.x86_64.rpm -- - Scientific Linux Development Team