Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -3 articles for you...
89
security advisoryfedoracritical patchFedora 36: FEDORA-2022-42ea499a7d Critical Annobin Security Update
This update provides the latest release of Firefox, with many bug fixes including critical security issues. It also includes updates to gcc and annobin which were necessary to build Firefox, with the following fixes: * fix up promoted SUBREG handling (#2045160, PR rtl-optimization/104839) * fix up check for asm goto (PR rtl-optimization/104777) * Upstream bugs. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-42ea499a7d 2022-03-17 18:37:10.061250 --------------------------------------------------------------------------------Name : annobin Product : Fedora 36 Version : 10.57 Release : 3.fc36 URL : None Summary : Annotate and examine compiled binary files Description : This package contains the tools needed to annotate binary files created by compilers, and also the tools needed to examine those annotations. One of the tools is a plugin for GCC that records information about the security options that were in effect when the binary was compiled. Note - the plugin is automatically enabled in gcc builds via flags provided by the redhat-rpm-macros package. One of the tools is a plugin for Clang that records information about the security options that were in effect when the binary was compiled. One of the tools is a plugin for LLVM that records information about the security options that were in effect when the binary was compiled. One of the tools is a security checker which analyses the notes present in annotated files and reports on any missing security options. --------------------------------------------------------------------------------Update Information: This update provides the latest release of Firefox, with many bug fixes including critical security issues. It also includes updates to gcc and annobin which were necessary to build Firefox, with the following fixes: * fix up promoted SUBREG handling (#2045160, PR rtl-optimization/104839) * fix upcheck for asm goto (PR rtl-optimization/104777) * Upstream bugs () fixed: 70077, 79493, 80270, 84519, 87496, 88134, 90148, 91384, 96526, 99297, 99555, 99585, 100400, 100407, 100541, 100757, 101325, 101636, 101983, 102276, 102429, 103037, 103302, 103443, 103521, 103836, 103845, 103856, 103984, 104061, 104121, 104131, 104132, 104133, 104154, 104208, 104381, 104430, 104434, 104489, 104529, 104533, 104540, 104550, 104552, 104558, 104573, 104589, 104601, 104602, 104618, 104619, 104627, 104633, 104637, 104644, 104648, 104656, 104659, 104664, 104667, 104674, 104675, 104676, 104677, 104679, 104681, 104682, 104686, 104687, 104698, 104700, 104704, 104715, 104716, 104721, 104724, 104725, 104726, 104727, 104728, 104730, 104732, 104736, 104748, 104757, 104758, 104761, 104775, 104779, 104781, 104782, 104784, 104791, 104794, 104797, 104807, 104825, 104838 --------------------------------------------------------------------------------ChangeLog: * Wed Mar 9 2022 Jakub Jelinek - 10.57-3 - NVR bump to allow rebuild for new GCC. * Wed Mar 9 2022 Jakub Jelinek - 10.57-2 - NVR bump to allow rebuild for new GCC. * Mon Mar 7 2022 Nick Clifton - 10.57-1 - Annocheck: Update documentation and fix typo in annocheck. (#2061291) * Fri Mar 4 2022 Nick Clifton - 10.56-1 - Annocheck: Add option to enable/disable following symbolic links. * Mon Feb 28 2022 Nick Clifton - 10.55-1 - Always identify Rust binaries, even if built on a host that does not know about Rust. (#2057737) --------------------------------------------------------------------------------References: [ 1 ] Bug #2045160 - Cython: FTBFS in Fedora rawhide/f36 ppc64le https://bugzilla.redhat.com/show_bug.cgi?id=2045160 [ 2 ] Bug #2045380 - firefox: FTBFS in Fedora rawhide/f36 https://bugzilla.redhat.com/show_bug.cgi?id=2045380 [ 3 ] Bug #2045404 - game-music-emu: FTBFS in Fedora rawhide/f36 https://bugzilla.redhat.com/show_bug.cgi?id=2045404 [ 4 ] Bug #2056613 - gcc-12.0.1-0.8.fc36 gives wrong-Wdangling-pointer warnings related to `for(;;)` https://bugzilla.redhat.com/show_bug.cgi?id=2056613 [ 5 ] Bug #2057193 - f36 composes still have firefox 96, f34 f35 have firefox 97 https://bugzilla.redhat.com/show_bug.cgi?id=2057193 [ 6 ] Bug #2057492 - internal compiler error by kstars build with gcc-12.0.1-0.8.fc37.ppc64le https://bugzilla.redhat.com/show_bug.cgi?id=2057492 [ 7 ] Bug #2060755 - Firefox: GCC 12 linking error https://bugzilla.redhat.com/show_bug.cgi?id=2060755 [ 8 ] Bug #2063961 - Fedora ARM - Firefox fails to open on aarch64 Workstation https://bugzilla.redhat.com/show_bug.cgi?id=2063961 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-42ea499a7d' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Mar 17, 2022
•Critical
Fedora
98
security advisorymoderateupdateRed Hat: RHSA-2021-4729:02 Moderate: devtoolset-11-annobin Security Fix
An update for devtoolset-11-annobin is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: devtoolset-11-annobin security update Advisory ID: RHSA-2021:4729-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2021:4729 Issue date: 2021-11-18 CVE Names: CVE-2021-42574 ==================================================================== 1. Summary: An update for devtoolset-11-annobin is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 3. Description: Annobin provides a compiler plugin to annotate and tools to examine compiled binary files. Security Fix(es): * Developer environment: Unicode's bidirectional (BiDi) override characterscan cause trojan source attacks (CVE-2021-42574) The following changes were introduced in annobin in order to facilitate detection of BiDi Unicode characters: This update of annobin adds a new annocheck test to detect the presence of multibyte characters in symbol names. For more details about the security issue(s), including the impact, aCVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2005819 - CVE-2021-42574 Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: devtoolset-11-annobin-9.82-1.el7.1.src.rpm noarch: devtoolset-11-annobin-docs-9.82-1.el7.1.noarch.rpm ppc64: devtoolset-11-annobin-annocheck-9.82-1.el7.1.ppc64.rpm devtoolset-11-annobin-debuginfo-9.82-1.el7.1.ppc64.rpm devtoolset-11-annobin-plugin-gcc-9.82-1.el7.1.ppc64.rpm ppc64le: devtoolset-11-annobin-annocheck-9.82-1.el7.1.ppc64le.rpm devtoolset-11-annobin-debuginfo-9.82-1.el7.1.ppc64le.rpm devtoolset-11-annobin-plugin-gcc-9.82-1.el7.1.ppc64le.rpm s390x: devtoolset-11-annobin-annocheck-9.82-1.el7.1.s390x.rpm devtoolset-11-annobin-debuginfo-9.82-1.el7.1.s390x.rpm devtoolset-11-annobin-plugin-gcc-9.82-1.el7.1.s390x.rpm x86_64: devtoolset-11-annobin-annocheck-9.82-1.el7.1.x86_64.rpm devtoolset-11-annobin-debuginfo-9.82-1.el7.1.x86_64.rpm devtoolset-11-annobin-plugin-gcc-9.82-1.el7.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v.7.7): Source: devtoolset-11-annobin-9.82-1.el7.1.src.rpm noarch: devtoolset-11-annobin-docs-9.82-1.el7.1.noarch.rpm ppc64: devtoolset-11-annobin-annocheck-9.82-1.el7.1.ppc64.rpm devtoolset-11-annobin-debuginfo-9.82-1.el7.1.ppc64.rpm devtoolset-11-annobin-plugin-gcc-9.82-1.el7.1.ppc64.rpm ppc64le: devtoolset-11-annobin-annocheck-9.82-1.el7.1.ppc64le.rpm devtoolset-11-annobin-debuginfo-9.82-1.el7.1.ppc64le.rpm devtoolset-11-annobin-plugin-gcc-9.82-1.el7.1.ppc64le.rpm s390x: devtoolset-11-annobin-annocheck-9.82-1.el7.1.s390x.rpm devtoolset-11-annobin-debuginfo-9.82-1.el7.1.s390x.rpm devtoolset-11-annobin-plugin-gcc-9.82-1.el7.1.s390x.rpm x86_64: devtoolset-11-annobin-annocheck-9.82-1.el7.1.x86_64.rpm devtoolset-11-annobin-debuginfo-9.82-1.el7.1.x86_64.rpm devtoolset-11-annobin-plugin-gcc-9.82-1.el7.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: devtoolset-11-annobin-9.82-1.el7.1.src.rpm noarch: devtoolset-11-annobin-docs-9.82-1.el7.1.noarch.rpm x86_64: devtoolset-11-annobin-annocheck-9.82-1.el7.1.x86_64.rpm devtoolset-11-annobin-debuginfo-9.82-1.el7.1.x86_64.rpm devtoolset-11-annobin-plugin-gcc-9.82-1.el7.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2021-42574 https://access.redhat.com/security/updates/classification#moderate https://access.redhat.com/security/vulnerabilities/RHSB-2021-007 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYZZmBNzjgjWX9erEAQh70A/9HG8OIuhA3BL1C+bG6+lX2bsIke99PApB lXL2fyRtB+/F+L0ak77WNxK8tImb9F6QFLFa241EiwBKeQ4sGy4es/tZ8b5L3ad8 9Tb34+W2OZ3qjyZG9ni5vNEopu4t/6URZ9EUwp4B4EEH55nhwibCS0XBPWXSn/mi YKdorAiWUjWh6emNbSuiTMfbXd2QMThIMisG/ZPmAZDR2+PsjErgWItHg1YmLbmU N0gTKqoYPQbHKqF5p4SgzMV8LJlfllR4y6do3vT7392QBlyqtBw1I+MvoRrot247 LADC3W8kHwuxzdYvFW/05QrTPbkFWIvQV5MOKHL4+vbS3/eDFvX1NqWXRTVouj1Z /StR8Obq1kagwV3K5bsFzPmBzc53Oejl7lp7KHJ+cVNgeabdYtVYWS5rAP+wFlrV kXRXwIdPSbxlLY5OU4LpVNZ+ZpGGZ82oL7+hV0WLp7CGNaHuRVlToMyEFo7sYIqK K0INIfN+bz5RO93VofbEBUP6AZO/NZLsEKeDiQNyq0WdFYOeI3o8JSC3Vhv38+vh Z13G0VCT0hQn96Yd0Fgv4vKUZYI3hDlb6mEupFTUVK+KAKyCrG5BBx7i7jTBXt4H tVTzHPuf2bMiPUeKEMyFLeMQkEPYDujoxMwaxIQhohPCO/i6xWpDP16EQn5H+UcD x5ZpMEpNVEE=LJM+ -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Nov 18, 2021
Red Hat
98
security advisorymoderatesecurity updateRed Hat Enterprise Linux 8 RHSA-2021:4593 Moderate Annobin Unicode Attack
An update for annobin is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: annobin security update Advisory ID: RHSA-2021:4593-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:4593 Issue date: 2021-11-10 CVE Names: CVE-2021-42574 ==================================================================== 1. Summary: An update for annobin is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: Annobin provides a compiler plugin to annotate and tools to examine compiled binary files. Security Fix(es): * Developer environment: Unicode's bidirectional (BiDi) override characterscan cause trojan source attacks (CVE-2021-42574) The following changes were introduced in annobin in order to facilitate detection of BiDi Unicode characters: This update of annobin adds a new annocheck test to detect the presence of multibyte characters in symbol names. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory,refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2005819 - CVE-2021-42574 Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: annobin-9.72-1.el8_5.2.src.rpm aarch64: annobin-9.72-1.el8_5.2.aarch64.rpm annobin-annocheck-9.72-1.el8_5.2.aarch64.rpm annobin-annocheck-debuginfo-9.72-1.el8_5.2.aarch64.rpm annobin-debuginfo-9.72-1.el8_5.2.aarch64.rpm annobin-debugsource-9.72-1.el8_5.2.aarch64.rpm ppc64le: annobin-9.72-1.el8_5.2.ppc64le.rpm annobin-annocheck-9.72-1.el8_5.2.ppc64le.rpm annobin-annocheck-debuginfo-9.72-1.el8_5.2.ppc64le.rpm annobin-debuginfo-9.72-1.el8_5.2.ppc64le.rpm annobin-debugsource-9.72-1.el8_5.2.ppc64le.rpm s390x: annobin-9.72-1.el8_5.2.s390x.rpm annobin-annocheck-9.72-1.el8_5.2.s390x.rpm annobin-annocheck-debuginfo-9.72-1.el8_5.2.s390x.rpm annobin-debuginfo-9.72-1.el8_5.2.s390x.rpm annobin-debugsource-9.72-1.el8_5.2.s390x.rpm x86_64: annobin-9.72-1.el8_5.2.x86_64.rpm annobin-annocheck-9.72-1.el8_5.2.x86_64.rpm annobin-annocheck-debuginfo-9.72-1.el8_5.2.x86_64.rpm annobin-debuginfo-9.72-1.el8_5.2.x86_64.rpm annobin-debugsource-9.72-1.el8_5.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2021-42574 https://access.redhat.com/security/updates/classification#moderate https://access.redhat.com/security/vulnerabilities/RHSB-2021-007 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYYvZ6dzjgjWX9erEAQhHiQ//R6JZeNlOCTcDKFkLUIVIWM6Erqvy5d5g uCcnrNlAKIrFxwDU4eTAug7VzRC+LcFZh1/el7TVyMhVGmX5qBziYLKr0oLfc5J2 bXcIRDIRDlEMAkIZN7slXxDV89viylndbufOe7I9dp/z4ZU1cnb+2rAtToPAeA0X MMu84u41BTh+7V4ZDOZSFXZ7H+aV9NGnDZTp5n2/FJjMZiEIlO+KOB8lD0eO+e5O KMLLdKUcPZyqxp8xiQZVtXKeK3RO5QwT7fLCLFW+LOqH10hc/cl6qOeaHhYRyj7G HEhcNKr764DoHumrfc4aLDHCVVr5+aEbWl7pGcdlQoAbXLfznD0ZApI9RuwV42Qk rtXB7bV+/kHN85C35BliWYwch00ELiIGmy9YwA7vUxMz7O/QfqvPZ5nqJ8PSm3RU UxDvC0ucFJXDRYmK0V7XMwBDHfhHBU9UulL8ztH+p8Oe1Sfoj8qz7HQxfeYcmN1V Z5ELQbRDWducWM15lAChps8+WKWNw/RMpfzCWfRQnJPH38caKrdIKfA0Mz7GMLCT SI0K23eKL54+Q55+7Lnws78nw2ywSJYgqGXZ8NHDycLhGkj+M4/AiH0lnZ4MDD3E I4iJE9hMCB2JeO5SWLR/vbtgMG5Upky7CZGXC+52fQYxMn2r4czgkX8Y/6i7/IMh 8G9Xy0rLtUk=Ke8O -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Nov 10, 2021
Red Hat
98
security advisorymoderatered hat enterpriseRedHat: RHSA-2021-4599 Moderate: Annobin Trojan Source Risk
An update for annobin is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: annobin security update Advisory ID: RHSA-2021:4599-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:4599 Issue date: 2021-11-10 CVE Names: CVE-2021-42574 ==================================================================== 1. Summary: An update for annobin is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream EUS (v. 8.1) - aarch64, ppc64le, s390x, x86_64 3. Description: Annobin provides a compiler plugin to annotate and tools to examine compiled binary files. Security Fix(es): * Developer environment: Unicode's bidirectional (BiDi) override characterscan cause trojan source attacks (CVE-2021-42574) The following changes were introduced in annobin in order to facilitate detection of BiDi Unicode characters: This update of annobin adds a new annocheck test to detect the presence of multibyte characters in symbol names. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, referto: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2005819 - CVE-2021-42574 Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks 6. Package List: Red Hat Enterprise Linux AppStream EUS (v. 8.1): Source: annobin-8.78-1.el8_1.1.src.rpm aarch64: annobin-8.78-1.el8_1.1.aarch64.rpm annobin-debuginfo-8.78-1.el8_1.1.aarch64.rpm annobin-debugsource-8.78-1.el8_1.1.aarch64.rpm ppc64le: annobin-8.78-1.el8_1.1.ppc64le.rpm annobin-debuginfo-8.78-1.el8_1.1.ppc64le.rpm annobin-debugsource-8.78-1.el8_1.1.ppc64le.rpm s390x: annobin-8.78-1.el8_1.1.s390x.rpm annobin-debuginfo-8.78-1.el8_1.1.s390x.rpm annobin-debugsource-8.78-1.el8_1.1.s390x.rpm x86_64: annobin-8.78-1.el8_1.1.x86_64.rpm annobin-debuginfo-8.78-1.el8_1.1.x86_64.rpm annobin-debugsource-8.78-1.el8_1.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2021-42574 https://access.redhat.com/security/updates/classification#moderate https://access.redhat.com/security/vulnerabilities/RHSB-2021-007 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYYvZz9zjgjWX9erEAQjnow/7Bs1wsBqJaOB/M4xTW29Zt4dn1AxxMACZ Gu1AmyWZ5LPV+6nUSU8MH8kao4RQ7HIrL9Z/CTwBC/41mYiXSXZd5MYu11tKCFCX D9FdskTVy87TBi0F98g5GkO4AbCVTgpFtvXQIfquLoaYLvay7iij+KHVUHS4E2JY KBqq3C9+P3bTQeKq72nC8AqNJ817Fiytp7Awd7wY1d9ZmQ1mn0itlunCS/+iUO8Y Eu9V+3ciNf6kAYOj0Q3LYKoNrvUDsEpDTLDH4Tk0hrMX6Twwy9Ob+qhD6uYuiOaf Fn4KPmW+lR3S8++3tyW9gV1VQDZ8J2inSCczBCQAOOzvVA6KtGCadFYjgNqcA4YJ kvxYeo6+YaVeSrGCsu7bgSNq4e0LPoQ/bU0EFaA8xjYyoKKIHc60rQTD45gXrvop JjFLQ4FDly4Brg/y+poGvRpUTMGkr2LooglqZJBh1VSJBP6l9XvkjRI8reRmbqPy zoCXh3GNhsvv1yh76jlgsEfvMROmn1rJAdKhH3yISxMymzWCKfRO5BcuTrKZuYzb AtF4KKHwCZWheVqOmXC1LWzJzqBfHn8emr2QriQf87Ge3WAp+H/qo3IpmFlW8DAr iPyNSyAua2HzlklWnmMKOg2A+MugyJczptt13cEV3fN5ySeCsw6nNTF4d5CPCAyQ NzG5xWYOFyw=w/JN -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Nov 10, 2021
Red Hat
98
security advisoryRed Hatmoderate severityRed Hat Enterprise Linux 8.2: RHSA-2021-4600 Moderate Annobin Trojan Issue
An update for annobin is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: annobin security update Advisory ID: RHSA-2021:4600-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:4600 Issue date: 2021-11-10 CVE Names: CVE-2021-42574 ==================================================================== 1. Summary: An update for annobin is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64 3. Description: Annobin provides a compiler plugin to annotate and tools to examine compiled binary files. Security Fix(es): * Developer environment: Unicode's bidirectional (BiDi) override characterscan cause trojan source attacks (CVE-2021-42574) The following changes were introduced in annobin in order to facilitate detection of BiDi Unicode characters: This update of annobin adds a new annocheck test to detect the presence of multibyte characters in symbol names. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, referto: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2005819 - CVE-2021-42574 Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks 6. Package List: Red Hat Enterprise Linux AppStream EUS (v. 8.2): Source: annobin-8.90-1.el8_2.1.src.rpm aarch64: annobin-8.90-1.el8_2.1.aarch64.rpm annobin-debuginfo-8.90-1.el8_2.1.aarch64.rpm annobin-debugsource-8.90-1.el8_2.1.aarch64.rpm ppc64le: annobin-8.90-1.el8_2.1.ppc64le.rpm annobin-debuginfo-8.90-1.el8_2.1.ppc64le.rpm annobin-debugsource-8.90-1.el8_2.1.ppc64le.rpm s390x: annobin-8.90-1.el8_2.1.s390x.rpm annobin-debuginfo-8.90-1.el8_2.1.s390x.rpm annobin-debugsource-8.90-1.el8_2.1.s390x.rpm x86_64: annobin-8.90-1.el8_2.1.x86_64.rpm annobin-debuginfo-8.90-1.el8_2.1.x86_64.rpm annobin-debugsource-8.90-1.el8_2.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2021-42574 https://access.redhat.com/security/updates/classification#moderate https://access.redhat.com/security/vulnerabilities/RHSB-2021-007 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYYvZo9zjgjWX9erEAQh6ig/8CEoRQM/Eg5RJqcraJeo9LwPKN3cKZnME PfmsKlH3az+4CB9dDmkYLlCVxVkPgwiq57frvsT15H/YnnFcRye21GtTHlRNPGvZ LwCMiTO1YwN/9RvdH8LQSZ/CWJSYg0wMcVNJO3Wnv5iuZQX8Ltfq/XEMGCvslAMG QwS8E7mU0JrKlyIv8l25QeF0t+ejvjbUdMEvO0N38i+opYtjoJWiyH2wvq0GDxe5 tgUFF5Uz4fmGyA9PQTdWXFGziLiHn9vmTNwrqLL46E2tHrEQhupWAgJBTx61xjpa Z84VuEU80IrY47S44aJ4oRum9PghydFXU0Y6+BWJfrzh1u3pEUb/+RIYO4Tt+7yn 1qLbKwakV8BocFsvwCDDItjW+fSXm2YSvBY6dnrSdnLkK7mvZD7Sqqlv1Q1bZOIb ycrZZrmAa0j3cTE77gVHVo6Xl2oiZR2/KsqTLbk61J508J1pr/ov7jMOhffFpg9A 02FiWN2fDxflKE3S+rauwe/EIoP+EPVItptSgkng6SW+NkVjlyp6QtBDOIohdZzm mrgbhI+CqAmWXsp8aKYFSocKJR9rq6zotemaCFNu0Z0hi6BMZ9BYItdxLcGdYdNW lv26l/He1krddw6hux6YBaeMZQjqR9A8B1v1e7l8l6TBsPYuZqGE4v0zT6a6+iIC 6HK37UtQoc4=Mp56 -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Nov 10, 2021
Red Hat
98
security advisorymoderatesecurity issueRed Hat Enterprise Linux 8.4: Moderate RHSA-2021-4598 Annobin Trojan
An update for annobin is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: annobin security update Advisory ID: RHSA-2021:4598-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:4598 Issue date: 2021-11-10 CVE Names: CVE-2021-42574 ==================================================================== 1. Summary: An update for annobin is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64 3. Description: Annobin provides a compiler plugin to annotate and tools to examine compiled binary files. Security Fix(es): * Developer environment: Unicode's bidirectional (BiDi) override characterscan cause trojan source attacks (CVE-2021-42574) The following changes were introduced in annobin in order to facilitate detection of BiDi Unicode characters: This update of annobin adds a new annocheck test to detect the presence of multibyte characters in symbol names. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, referto: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2005819 - CVE-2021-42574 Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks 6. Package List: Red Hat Enterprise Linux AppStream EUS (v.8.4): Source: annobin-9.50-1.el8_4.1.src.rpm aarch64: annobin-9.50-1.el8_4.1.aarch64.rpm annobin-annocheck-9.50-1.el8_4.1.aarch64.rpm annobin-annocheck-debuginfo-9.50-1.el8_4.1.aarch64.rpm annobin-debuginfo-9.50-1.el8_4.1.aarch64.rpm annobin-debugsource-9.50-1.el8_4.1.aarch64.rpm ppc64le: annobin-9.50-1.el8_4.1.ppc64le.rpm annobin-annocheck-9.50-1.el8_4.1.ppc64le.rpm annobin-annocheck-debuginfo-9.50-1.el8_4.1.ppc64le.rpm annobin-debuginfo-9.50-1.el8_4.1.ppc64le.rpm annobin-debugsource-9.50-1.el8_4.1.ppc64le.rpm s390x: annobin-9.50-1.el8_4.1.s390x.rpm annobin-annocheck-9.50-1.el8_4.1.s390x.rpm annobin-annocheck-debuginfo-9.50-1.el8_4.1.s390x.rpm annobin-debuginfo-9.50-1.el8_4.1.s390x.rpm annobin-debugsource-9.50-1.el8_4.1.s390x.rpm x86_64: annobin-9.50-1.el8_4.1.x86_64.rpm annobin-annocheck-9.50-1.el8_4.1.x86_64.rpm annobin-annocheck-debuginfo-9.50-1.el8_4.1.x86_64.rpm annobin-debuginfo-9.50-1.el8_4.1.x86_64.rpm annobin-debugsource-9.50-1.el8_4.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2021-42574 https://access.redhat.com/security/updates/classification#moderate https://access.redhat.com/security/vulnerabilities/RHSB-2021-007 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYYvZdtzjgjWX9erEAQhhfA//cW0OcTRA73/Q+y7C/+Th/u7sxK957Ljs NCjGqF7J193p5WHf62hU5soGfMAcID/gnr7fBCT7MFMiiYYdQdKnr4DWud70kAF+ B5hJkmKaCLoI9e7Et9TnJeLxyQbuBSSHxioAJp0jmC0YlDdZpu1VrOQrsBLFK44w 0jtrTX8TcvMuRdNTjSZlU5EYXYSw+iCkN5RBj2vCCivffKCPyfok5LEB+Y6vEbf+ jE2iM763tZXCoxVWCk9xyJ19UPXv9WaqlJs58Je9/PkLJflq2wEX7xzQgE/hfDRf tH4H3f344vK5LwYlzIEoHL3BhprpKduL9aGMKt19K4NPi9QvrC9V6Nj7mCn17HXn F1NeFeGlRxus7aSwCAStidqSflbJLrl726Q9xr8m4EjRVVImWyvX/8bwreU0o6N1 RHMCKn4JqcUaeNBvo7jTLeSYqrDwzJsSWt+SonU50L/xeq+sD50LnPZY0uVV9x7j PpPS9kGddVDrDmmkTcwHwf2KS/k2P4bgkqMKwvhIniqVN9EFfnsgelwMX8maa2kw qlJVsGGv9sfaNB9a+6y3h/p0vgWru/tjy/A+xiEOSSe6TmDHInnHMVdVE1Nch2go d9saNypvo5s7tZhTrWPUYcoxA+/6K2s3JWkK5kmeqlOlFyA8bpsQ/U89sLHyd92V dYCUI8zQcCk=CrJD -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Nov 10, 2021
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!