Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories

We found 9 articles for you...

RedHat: RHSA-2021-4743 Moderate: llvm-toolset:rhel8 Trojan Source Threat

Red Hat Security Advisory

Synopsis: Moderate: llvm-toolset:rhel8 security update
Advisory ID: RHSA-2021:4743-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:4743
Issue date: 2021-11-18
CVE Names: CVE-2021-42574

1. Summary:

An update for the llvm-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

LLVM Toolset provides the LLVM compiler infrastructure framework, the Clang compiler for the C and C++ languages, the LLDB debugger, and related tools for code analysis.

Security Fix(es):

* Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574)

The following changes were introduced in clang in order to facilitate detection of BiDi Unicode characters:

clang-tidy now finds identifiers that contain Unicode characters with right-to-left direction, which can be confusing as they may change the understanding of a whole statement.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4.
Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2005819 - CVE-2021-42574 Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks 6. Package List: Red Hat Enterprise Linux AppStream (v.8): Source: clang-12.0.1-4.module+el8.5.0+13246+cefb5d4c.src.rpm compiler-rt-12.0.1-1.module+el8.5.0+11871+08d0eab5.src.rpm libomp-12.0.1-1.module+el8.5.0+11871+08d0eab5.src.rpm lld-12.0.1-1.module+el8.5.0+11871+08d0eab5.src.rpm lldb-12.0.1-1.module+el8.5.0+11871+08d0eab5.src.rpm llvm-12.0.1-2.module+el8.5.0+12488+254d2a07.src.rpm llvm-toolset-12.0.1-1.module+el8.5.0+11871+08d0eab5.src.rpm python-lit-12.0.1-1.module+el8.5.0+11871+08d0eab5.src.rpm aarch64: clang-12.0.1-4.module+el8.5.0+13246+cefb5d4c.aarch64.rpm clang-debuginfo-12.0.1-4.module+el8.5.0+13246+cefb5d4c.aarch64.rpm clang-debugsource-12.0.1-4.module+el8.5.0+13246+cefb5d4c.aarch64.rpm clang-devel-12.0.1-4.module+el8.5.0+13246+cefb5d4c.aarch64.rpm clang-libs-12.0.1-4.module+el8.5.0+13246+cefb5d4c.aarch64.rpm clang-libs-debuginfo-12.0.1-4.module+el8.5.0+13246+cefb5d4c.aarch64.rpm clang-resource-filesystem-12.0.1-4.module+el8.5.0+13246+cefb5d4c.aarch64.rpm clang-tools-extra-12.0.1-4.module+el8.5.0+13246+cefb5d4c.aarch64.rpm clang-tools-extra-debuginfo-12.0.1-4.module+el8.5.0+13246+cefb5d4c.aarch64.rpm compiler-rt-12.0.1-1.module+el8.5.0+11871+08d0eab5.aarch64.rpm compiler-rt-debuginfo-12.0.1-1.module+el8.5.0+11871+08d0eab5.aarch64.rpm compiler-rt-debugsource-12.0.1-1.module+el8.5.0+11871+08d0eab5.aarch64.rpm git-clang-format-12.0.1-4.module+el8.5.0+13246+cefb5d4c.aarch64.rpm libomp-12.0.1-1.module+el8.5.0+11871+08d0eab5.aarch64.rpm libomp-debuginfo-12.0.1-1.module+el8.5.0+11871+08d0eab5.aarch64.rpm libomp-debugsource-12.0.1-1.module+el8.5.0+11871+08d0eab5.aarch64.rpm 
libomp-devel-12.0.1-1.module+el8.5.0+11871+08d0eab5.aarch64.rpm libomp-test-12.0.1-1.module+el8.5.0+11871+08d0eab5.aarch64.rpm libomp-test-debuginfo-12.0.1-1.module+el8.5.0+11871+08d0eab5.aarch64.rpm lld-12.0.1-1.module+el8.5.0+11871+08d0eab5.aarch64.rpm lld-debuginfo-12.0.1-1.module+el8.5.0+11871+08d0eab5.aarch64.rpm lld-debugsource-12.0.1-1.module+el8.5.0+11871+08d0eab5.aarch64.rpm lld-devel-12.0.1-1.module+el8.5.0+11871+08d0eab5.aarch64.rpm lld-libs-12.0.1-1.module+el8.5.0+11871+08d0eab5.aarch64.rpm lld-libs-debuginfo-12.0.1-1.module+el8.5.0+11871+08d0eab5.aarch64.rpm lld-test-12.0.1-1.module+el8.5.0+11871+08d0eab5.aarch64.rpm lld-test-debuginfo-12.0.1-1.module+el8.5.0+11871+08d0eab5.aarch64.rpm lldb-12.0.1-1.module+el8.5.0+11871+08d0eab5.aarch64.rpm lldb-debuginfo-12.0.1-1.module+el8.5.0+11871+08d0eab5.aarch64.rpm lldb-debugsource-12.0.1-1.module+el8.5.0+11871+08d0eab5.aarch64.rpm lldb-devel-12.0.1-1.module+el8.5.0+11871+08d0eab5.aarch64.rpm llvm-12.0.1-2.module+el8.5.0+12488+254d2a07.aarch64.rpm llvm-debuginfo-12.0.1-2.module+el8.5.0+12488+254d2a07.aarch64.rpm llvm-debugsource-12.0.1-2.module+el8.5.0+12488+254d2a07.aarch64.rpm llvm-devel-12.0.1-2.module+el8.5.0+12488+254d2a07.aarch64.rpm llvm-devel-debuginfo-12.0.1-2.module+el8.5.0+12488+254d2a07.aarch64.rpm llvm-googletest-12.0.1-2.module+el8.5.0+12488+254d2a07.aarch64.rpm llvm-libs-12.0.1-2.module+el8.5.0+12488+254d2a07.aarch64.rpm llvm-libs-debuginfo-12.0.1-2.module+el8.5.0+12488+254d2a07.aarch64.rpm llvm-static-12.0.1-2.module+el8.5.0+12488+254d2a07.aarch64.rpm llvm-test-12.0.1-2.module+el8.5.0+12488+254d2a07.aarch64.rpm llvm-test-debuginfo-12.0.1-2.module+el8.5.0+12488+254d2a07.aarch64.rpm llvm-toolset-12.0.1-1.module+el8.5.0+11871+08d0eab5.aarch64.rpm python3-clang-12.0.1-4.module+el8.5.0+13246+cefb5d4c.aarch64.rpm python3-lldb-12.0.1-1.module+el8.5.0+11871+08d0eab5.aarch64.rpm noarch: clang-analyzer-12.0.1-4.module+el8.5.0+13246+cefb5d4c.noarch.rpm 
llvm-doc-12.0.1-2.module+el8.5.0+12488+254d2a07.noarch.rpm python3-lit-12.0.1-1.module+el8.5.0+11871+08d0eab5.noarch.rpm ppc64le: clang-12.0.1-4.module+el8.5.0+13246+cefb5d4c.ppc64le.rpm clang-debuginfo-12.0.1-4.module+el8.5.0+13246+cefb5d4c.ppc64le.rpm clang-debugsource-12.0.1-4.module+el8.5.0+13246+cefb5d4c.ppc64le.rpm clang-devel-12.0.1-4.module+el8.5.0+13246+cefb5d4c.ppc64le.rpm clang-libs-12.0.1-4.module+el8.5.0+13246+cefb5d4c.ppc64le.rpm clang-libs-debuginfo-12.0.1-4.module+el8.5.0+13246+cefb5d4c.ppc64le.rpm clang-resource-filesystem-12.0.1-4.module+el8.5.0+13246+cefb5d4c.ppc64le.rpm clang-tools-extra-12.0.1-4.module+el8.5.0+13246+cefb5d4c.ppc64le.rpm clang-tools-extra-debuginfo-12.0.1-4.module+el8.5.0+13246+cefb5d4c.ppc64le.rpm compiler-rt-12.0.1-1.module+el8.5.0+11871+08d0eab5.ppc64le.rpm compiler-rt-debuginfo-12.0.1-1.module+el8.5.0+11871+08d0eab5.ppc64le.rpm compiler-rt-debugsource-12.0.1-1.module+el8.5.0+11871+08d0eab5.ppc64le.rpm git-clang-format-12.0.1-4.module+el8.5.0+13246+cefb5d4c.ppc64le.rpm libomp-12.0.1-1.module+el8.5.0+11871+08d0eab5.ppc64le.rpm libomp-debuginfo-12.0.1-1.module+el8.5.0+11871+08d0eab5.ppc64le.rpm libomp-debugsource-12.0.1-1.module+el8.5.0+11871+08d0eab5.ppc64le.rpm libomp-devel-12.0.1-1.module+el8.5.0+11871+08d0eab5.ppc64le.rpm libomp-test-12.0.1-1.module+el8.5.0+11871+08d0eab5.ppc64le.rpm libomp-test-debuginfo-12.0.1-1.module+el8.5.0+11871+08d0eab5.ppc64le.rpm lld-12.0.1-1.module+el8.5.0+11871+08d0eab5.ppc64le.rpm lld-debuginfo-12.0.1-1.module+el8.5.0+11871+08d0eab5.ppc64le.rpm lld-debugsource-12.0.1-1.module+el8.5.0+11871+08d0eab5.ppc64le.rpm lld-devel-12.0.1-1.module+el8.5.0+11871+08d0eab5.ppc64le.rpm lld-libs-12.0.1-1.module+el8.5.0+11871+08d0eab5.ppc64le.rpm lld-libs-debuginfo-12.0.1-1.module+el8.5.0+11871+08d0eab5.ppc64le.rpm lld-test-12.0.1-1.module+el8.5.0+11871+08d0eab5.ppc64le.rpm lld-test-debuginfo-12.0.1-1.module+el8.5.0+11871+08d0eab5.ppc64le.rpm lldb-12.0.1-1.module+el8.5.0+11871+08d0eab5.ppc64le.rpm 
lldb-debuginfo-12.0.1-1.module+el8.5.0+11871+08d0eab5.ppc64le.rpm lldb-debugsource-12.0.1-1.module+el8.5.0+11871+08d0eab5.ppc64le.rpm lldb-devel-12.0.1-1.module+el8.5.0+11871+08d0eab5.ppc64le.rpm llvm-12.0.1-2.module+el8.5.0+12488+254d2a07.ppc64le.rpm llvm-debuginfo-12.0.1-2.module+el8.5.0+12488+254d2a07.ppc64le.rpm llvm-debugsource-12.0.1-2.module+el8.5.0+12488+254d2a07.ppc64le.rpm llvm-devel-12.0.1-2.module+el8.5.0+12488+254d2a07.ppc64le.rpm llvm-devel-debuginfo-12.0.1-2.module+el8.5.0+12488+254d2a07.ppc64le.rpm llvm-googletest-12.0.1-2.module+el8.5.0+12488+254d2a07.ppc64le.rpm llvm-libs-12.0.1-2.module+el8.5.0+12488+254d2a07.ppc64le.rpm llvm-libs-debuginfo-12.0.1-2.module+el8.5.0+12488+254d2a07.ppc64le.rpm llvm-static-12.0.1-2.module+el8.5.0+12488+254d2a07.ppc64le.rpm llvm-test-12.0.1-2.module+el8.5.0+12488+254d2a07.ppc64le.rpm llvm-test-debuginfo-12.0.1-2.module+el8.5.0+12488+254d2a07.ppc64le.rpm llvm-toolset-12.0.1-1.module+el8.5.0+11871+08d0eab5.ppc64le.rpm python3-clang-12.0.1-4.module+el8.5.0+13246+cefb5d4c.ppc64le.rpm python3-lldb-12.0.1-1.module+el8.5.0+11871+08d0eab5.ppc64le.rpm s390x: clang-12.0.1-4.module+el8.5.0+13246+cefb5d4c.s390x.rpm clang-debuginfo-12.0.1-4.module+el8.5.0+13246+cefb5d4c.s390x.rpm clang-debugsource-12.0.1-4.module+el8.5.0+13246+cefb5d4c.s390x.rpm clang-devel-12.0.1-4.module+el8.5.0+13246+cefb5d4c.s390x.rpm clang-libs-12.0.1-4.module+el8.5.0+13246+cefb5d4c.s390x.rpm clang-libs-debuginfo-12.0.1-4.module+el8.5.0+13246+cefb5d4c.s390x.rpm clang-resource-filesystem-12.0.1-4.module+el8.5.0+13246+cefb5d4c.s390x.rpm clang-tools-extra-12.0.1-4.module+el8.5.0+13246+cefb5d4c.s390x.rpm clang-tools-extra-debuginfo-12.0.1-4.module+el8.5.0+13246+cefb5d4c.s390x.rpm compiler-rt-12.0.1-1.module+el8.5.0+11871+08d0eab5.s390x.rpm compiler-rt-debuginfo-12.0.1-1.module+el8.5.0+11871+08d0eab5.s390x.rpm compiler-rt-debugsource-12.0.1-1.module+el8.5.0+11871+08d0eab5.s390x.rpm git-clang-format-12.0.1-4.module+el8.5.0+13246+cefb5d4c.s390x.rpm 
lldb-12.0.1-1.module+el8.5.0+11871+08d0eab5.s390x.rpm lldb-debuginfo-12.0.1-1.module+el8.5.0+11871+08d0eab5.s390x.rpm lldb-debugsource-12.0.1-1.module+el8.5.0+11871+08d0eab5.s390x.rpm lldb-devel-12.0.1-1.module+el8.5.0+11871+08d0eab5.s390x.rpm llvm-12.0.1-2.module+el8.5.0+12488+254d2a07.s390x.rpm llvm-debuginfo-12.0.1-2.module+el8.5.0+12488+254d2a07.s390x.rpm llvm-debugsource-12.0.1-2.module+el8.5.0+12488+254d2a07.s390x.rpm llvm-devel-12.0.1-2.module+el8.5.0+12488+254d2a07.s390x.rpm llvm-devel-debuginfo-12.0.1-2.module+el8.5.0+12488+254d2a07.s390x.rpm llvm-googletest-12.0.1-2.module+el8.5.0+12488+254d2a07.s390x.rpm llvm-libs-12.0.1-2.module+el8.5.0+12488+254d2a07.s390x.rpm llvm-libs-debuginfo-12.0.1-2.module+el8.5.0+12488+254d2a07.s390x.rpm llvm-static-12.0.1-2.module+el8.5.0+12488+254d2a07.s390x.rpm llvm-test-12.0.1-2.module+el8.5.0+12488+254d2a07.s390x.rpm llvm-test-debuginfo-12.0.1-2.module+el8.5.0+12488+254d2a07.s390x.rpm llvm-toolset-12.0.1-1.module+el8.5.0+11871+08d0eab5.s390x.rpm python3-clang-12.0.1-4.module+el8.5.0+13246+cefb5d4c.s390x.rpm python3-lldb-12.0.1-1.module+el8.5.0+11871+08d0eab5.s390x.rpm x86_64: clang-12.0.1-4.module+el8.5.0+13246+cefb5d4c.i686.rpm clang-12.0.1-4.module+el8.5.0+13246+cefb5d4c.x86_64.rpm clang-debuginfo-12.0.1-4.module+el8.5.0+13246+cefb5d4c.i686.rpm clang-debuginfo-12.0.1-4.module+el8.5.0+13246+cefb5d4c.x86_64.rpm clang-debugsource-12.0.1-4.module+el8.5.0+13246+cefb5d4c.i686.rpm clang-debugsource-12.0.1-4.module+el8.5.0+13246+cefb5d4c.x86_64.rpm clang-devel-12.0.1-4.module+el8.5.0+13246+cefb5d4c.i686.rpm clang-devel-12.0.1-4.module+el8.5.0+13246+cefb5d4c.x86_64.rpm clang-libs-12.0.1-4.module+el8.5.0+13246+cefb5d4c.i686.rpm clang-libs-12.0.1-4.module+el8.5.0+13246+cefb5d4c.x86_64.rpm clang-libs-debuginfo-12.0.1-4.module+el8.5.0+13246+cefb5d4c.i686.rpm clang-libs-debuginfo-12.0.1-4.module+el8.5.0+13246+cefb5d4c.x86_64.rpm clang-resource-filesystem-12.0.1-4.module+el8.5.0+13246+cefb5d4c.i686.rpm 
clang-resource-filesystem-12.0.1-4.module+el8.5.0+13246+cefb5d4c.x86_64.rpm clang-tools-extra-12.0.1-4.module+el8.5.0+13246+cefb5d4c.i686.rpm clang-tools-extra-12.0.1-4.module+el8.5.0+13246+cefb5d4c.x86_64.rpm clang-tools-extra-debuginfo-12.0.1-4.module+el8.5.0+13246+cefb5d4c.i686.rpm clang-tools-extra-debuginfo-12.0.1-4.module+el8.5.0+13246+cefb5d4c.x86_64.rpm compiler-rt-12.0.1-1.module+el8.5.0+11871+08d0eab5.i686.rpm compiler-rt-12.0.1-1.module+el8.5.0+11871+08d0eab5.x86_64.rpm compiler-rt-debuginfo-12.0.1-1.module+el8.5.0+11871+08d0eab5.i686.rpm compiler-rt-debuginfo-12.0.1-1.module+el8.5.0+11871+08d0eab5.x86_64.rpm compiler-rt-debugsource-12.0.1-1.module+el8.5.0+11871+08d0eab5.i686.rpm compiler-rt-debugsource-12.0.1-1.module+el8.5.0+11871+08d0eab5.x86_64.rpm git-clang-format-12.0.1-4.module+el8.5.0+13246+cefb5d4c.i686.rpm git-clang-format-12.0.1-4.module+el8.5.0+13246+cefb5d4c.x86_64.rpm libomp-12.0.1-1.module+el8.5.0+11871+08d0eab5.i686.rpm libomp-12.0.1-1.module+el8.5.0+11871+08d0eab5.x86_64.rpm libomp-debuginfo-12.0.1-1.module+el8.5.0+11871+08d0eab5.i686.rpm libomp-debuginfo-12.0.1-1.module+el8.5.0+11871+08d0eab5.x86_64.rpm libomp-debugsource-12.0.1-1.module+el8.5.0+11871+08d0eab5.i686.rpm libomp-debugsource-12.0.1-1.module+el8.5.0+11871+08d0eab5.x86_64.rpm libomp-devel-12.0.1-1.module+el8.5.0+11871+08d0eab5.i686.rpm libomp-devel-12.0.1-1.module+el8.5.0+11871+08d0eab5.x86_64.rpm libomp-test-12.0.1-1.module+el8.5.0+11871+08d0eab5.i686.rpm libomp-test-12.0.1-1.module+el8.5.0+11871+08d0eab5.x86_64.rpm libomp-test-debuginfo-12.0.1-1.module+el8.5.0+11871+08d0eab5.i686.rpm libomp-test-debuginfo-12.0.1-1.module+el8.5.0+11871+08d0eab5.x86_64.rpm lld-12.0.1-1.module+el8.5.0+11871+08d0eab5.i686.rpm lld-12.0.1-1.module+el8.5.0+11871+08d0eab5.x86_64.rpm lld-debuginfo-12.0.1-1.module+el8.5.0+11871+08d0eab5.i686.rpm lld-debuginfo-12.0.1-1.module+el8.5.0+11871+08d0eab5.x86_64.rpm lld-debugsource-12.0.1-1.module+el8.5.0+11871+08d0eab5.i686.rpm 
lld-debugsource-12.0.1-1.module+el8.5.0+11871+08d0eab5.x86_64.rpm lld-devel-12.0.1-1.module+el8.5.0+11871+08d0eab5.i686.rpm lld-devel-12.0.1-1.module+el8.5.0+11871+08d0eab5.x86_64.rpm lld-libs-12.0.1-1.module+el8.5.0+11871+08d0eab5.i686.rpm lld-libs-12.0.1-1.module+el8.5.0+11871+08d0eab5.x86_64.rpm lld-libs-debuginfo-12.0.1-1.module+el8.5.0+11871+08d0eab5.i686.rpm lld-libs-debuginfo-12.0.1-1.module+el8.5.0+11871+08d0eab5.x86_64.rpm lld-test-12.0.1-1.module+el8.5.0+11871+08d0eab5.i686.rpm lld-test-12.0.1-1.module+el8.5.0+11871+08d0eab5.x86_64.rpm lld-test-debuginfo-12.0.1-1.module+el8.5.0+11871+08d0eab5.i686.rpm lld-test-debuginfo-12.0.1-1.module+el8.5.0+11871+08d0eab5.x86_64.rpm lldb-12.0.1-1.module+el8.5.0+11871+08d0eab5.i686.rpm lldb-12.0.1-1.module+el8.5.0+11871+08d0eab5.x86_64.rpm lldb-debuginfo-12.0.1-1.module+el8.5.0+11871+08d0eab5.i686.rpm lldb-debuginfo-12.0.1-1.module+el8.5.0+11871+08d0eab5.x86_64.rpm lldb-debugsource-12.0.1-1.module+el8.5.0+11871+08d0eab5.i686.rpm lldb-debugsource-12.0.1-1.module+el8.5.0+11871+08d0eab5.x86_64.rpm lldb-devel-12.0.1-1.module+el8.5.0+11871+08d0eab5.i686.rpm lldb-devel-12.0.1-1.module+el8.5.0+11871+08d0eab5.x86_64.rpm llvm-12.0.1-2.module+el8.5.0+12488+254d2a07.i686.rpm llvm-12.0.1-2.module+el8.5.0+12488+254d2a07.x86_64.rpm llvm-debuginfo-12.0.1-2.module+el8.5.0+12488+254d2a07.i686.rpm llvm-debuginfo-12.0.1-2.module+el8.5.0+12488+254d2a07.x86_64.rpm llvm-debugsource-12.0.1-2.module+el8.5.0+12488+254d2a07.i686.rpm llvm-debugsource-12.0.1-2.module+el8.5.0+12488+254d2a07.x86_64.rpm llvm-devel-12.0.1-2.module+el8.5.0+12488+254d2a07.i686.rpm llvm-devel-12.0.1-2.module+el8.5.0+12488+254d2a07.x86_64.rpm llvm-devel-debuginfo-12.0.1-2.module+el8.5.0+12488+254d2a07.i686.rpm llvm-devel-debuginfo-12.0.1-2.module+el8.5.0+12488+254d2a07.x86_64.rpm llvm-googletest-12.0.1-2.module+el8.5.0+12488+254d2a07.i686.rpm llvm-googletest-12.0.1-2.module+el8.5.0+12488+254d2a07.x86_64.rpm llvm-libs-12.0.1-2.module+el8.5.0+12488+254d2a07.i686.rpm 
llvm-libs-12.0.1-2.module+el8.5.0+12488+254d2a07.x86_64.rpm llvm-libs-debuginfo-12.0.1-2.module+el8.5.0+12488+254d2a07.i686.rpm llvm-libs-debuginfo-12.0.1-2.module+el8.5.0+12488+254d2a07.x86_64.rpm llvm-static-12.0.1-2.module+el8.5.0+12488+254d2a07.i686.rpm llvm-static-12.0.1-2.module+el8.5.0+12488+254d2a07.x86_64.rpm llvm-test-12.0.1-2.module+el8.5.0+12488+254d2a07.i686.rpm llvm-test-12.0.1-2.module+el8.5.0+12488+254d2a07.x86_64.rpm llvm-test-debuginfo-12.0.1-2.module+el8.5.0+12488+254d2a07.i686.rpm llvm-test-debuginfo-12.0.1-2.module+el8.5.0+12488+254d2a07.x86_64.rpm llvm-toolset-12.0.1-1.module+el8.5.0+11871+08d0eab5.i686.rpm llvm-toolset-12.0.1-1.module+el8.5.0+11871+08d0eab5.x86_64.rpm python3-clang-12.0.1-4.module+el8.5.0+13246+cefb5d4c.i686.rpm python3-clang-12.0.1-4.module+el8.5.0+13246+cefb5d4c.x86_64.rpm python3-lldb-12.0.1-1.module+el8.5.0+11871+08d0eab5.i686.rpm python3-lldb-12.0.1-1.module+el8.5.0+11871+08d0eab5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2021-42574 https://access.redhat.com/security/updates/classification#moderate https://access.redhat.com/security/vulnerabilities/RHSB-2021-007 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2021 Red Hat, Inc. 
A significant update has been released for llvm-toolset in Red Hat Enterprise Linux 8 to address potential trojan source vulnerabilities. Ensure you download it promptly.

Red Hat, llvm-toolset, security update, trojan source, RHEL.

LinuxSecurity.com Team

Nov 18, 2021 Red Hat

Red Hat: RHSA-2021-4729:02 Moderate: devtoolset-11-annobin Security Fix

Red Hat Security Advisory

Synopsis: Moderate: devtoolset-11-annobin security update
Advisory ID: RHSA-2021:4729-01
Product: Red Hat Software Collections
Advisory URL: https://access.redhat.com/errata/RHSA-2021:4729
Issue date: 2021-11-18
CVE Names: CVE-2021-42574

1. Summary:

An update for devtoolset-11-annobin is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

3. Description:

Annobin provides a compiler plugin to annotate and tools to examine compiled binary files.

Security Fix(es):

* Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574)

The following changes were introduced in annobin in order to facilitate detection of BiDi Unicode characters:

This update of annobin adds a new annocheck test to detect the presence of multibyte characters in symbol names.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2005819 - CVE-2021-42574 Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: devtoolset-11-annobin-9.82-1.el7.1.src.rpm noarch: devtoolset-11-annobin-docs-9.82-1.el7.1.noarch.rpm ppc64: devtoolset-11-annobin-annocheck-9.82-1.el7.1.ppc64.rpm devtoolset-11-annobin-debuginfo-9.82-1.el7.1.ppc64.rpm devtoolset-11-annobin-plugin-gcc-9.82-1.el7.1.ppc64.rpm ppc64le: devtoolset-11-annobin-annocheck-9.82-1.el7.1.ppc64le.rpm devtoolset-11-annobin-debuginfo-9.82-1.el7.1.ppc64le.rpm devtoolset-11-annobin-plugin-gcc-9.82-1.el7.1.ppc64le.rpm s390x: devtoolset-11-annobin-annocheck-9.82-1.el7.1.s390x.rpm devtoolset-11-annobin-debuginfo-9.82-1.el7.1.s390x.rpm devtoolset-11-annobin-plugin-gcc-9.82-1.el7.1.s390x.rpm x86_64: devtoolset-11-annobin-annocheck-9.82-1.el7.1.x86_64.rpm devtoolset-11-annobin-debuginfo-9.82-1.el7.1.x86_64.rpm devtoolset-11-annobin-plugin-gcc-9.82-1.el7.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v.7.7): Source: devtoolset-11-annobin-9.82-1.el7.1.src.rpm noarch: devtoolset-11-annobin-docs-9.82-1.el7.1.noarch.rpm ppc64: devtoolset-11-annobin-annocheck-9.82-1.el7.1.ppc64.rpm devtoolset-11-annobin-debuginfo-9.82-1.el7.1.ppc64.rpm devtoolset-11-annobin-plugin-gcc-9.82-1.el7.1.ppc64.rpm ppc64le: devtoolset-11-annobin-annocheck-9.82-1.el7.1.ppc64le.rpm devtoolset-11-annobin-debuginfo-9.82-1.el7.1.ppc64le.rpm devtoolset-11-annobin-plugin-gcc-9.82-1.el7.1.ppc64le.rpm s390x:
devtoolset-11-annobin-annocheck-9.82-1.el7.1.s390x.rpm devtoolset-11-annobin-debuginfo-9.82-1.el7.1.s390x.rpm devtoolset-11-annobin-plugin-gcc-9.82-1.el7.1.s390x.rpm x86_64: devtoolset-11-annobin-annocheck-9.82-1.el7.1.x86_64.rpm devtoolset-11-annobin-debuginfo-9.82-1.el7.1.x86_64.rpm devtoolset-11-annobin-plugin-gcc-9.82-1.el7.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: devtoolset-11-annobin-9.82-1.el7.1.src.rpm noarch: devtoolset-11-annobin-docs-9.82-1.el7.1.noarch.rpm x86_64: devtoolset-11-annobin-annocheck-9.82-1.el7.1.x86_64.rpm devtoolset-11-annobin-debuginfo-9.82-1.el7.1.x86_64.rpm devtoolset-11-annobin-plugin-gcc-9.82-1.el7.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2021-42574 https://access.redhat.com/security/updates/classification#moderate https://access.redhat.com/security/vulnerabilities/RHSB-2021-007 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2021 Red Hat, Inc. 
A patch has been released for devtoolset-11-annobin in Red Hat Software Collections to mitigate potential security vulnerabilities.

Devtoolset Annobin Update, Red Hat Security Advisory, Moderate Risk Issues.

LinuxSecurity.com Team

Nov 18, 2021 Red Hat

RedHat: RHSA-2021-4730:02 Moderate: Unicode Trojan Source Security Risk

Red Hat Security Advisory

Synopsis: Moderate: devtoolset-11-binutils security update
Advisory ID: RHSA-2021:4730-01
Product: Red Hat Software Collections
Advisory URL: https://access.redhat.com/errata/RHSA-2021:4730
Issue date: 2021-11-18
CVE Names: CVE-2021-42574

1. Summary:

An update for devtoolset-11-binutils is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities.

Security Fix(es):

* Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574)

The following changes were introduced in binutils in order to facilitate detection of BiDi Unicode characters:

Tools which display names or strings (readelf, strings, nm, objdump) have a new command line option --unicode / -U which controls how Unicode characters are handled.

Using "--unicode=default" will treat them as normal for the tool. This is the default behaviour when --unicode option is not used.
Using "--unicode=locale" will display them according to the current locale.
Using "--unicode=hex" will display them as hex byte values.
Using "--unicode=escape" will display them as Unicode escape sequences.
Using "--unicode=highlight" will display them as Unicode escape sequences highlighted in red, if supported by the output device.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2005819 - CVE-2021-42574 Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks

6.
Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v.7): Source: devtoolset-11-binutils-2.36.1-1.el7.1.src.rpm ppc64: devtoolset-11-binutils-2.36.1-1.el7.1.ppc64.rpm devtoolset-11-binutils-debuginfo-2.36.1-1.el7.1.ppc64.rpm devtoolset-11-binutils-devel-2.36.1-1.el7.1.ppc64.rpm ppc64le: devtoolset-11-binutils-2.36.1-1.el7.1.ppc64le.rpm devtoolset-11-binutils-debuginfo-2.36.1-1.el7.1.ppc64le.rpm devtoolset-11-binutils-devel-2.36.1-1.el7.1.ppc64le.rpm s390x: devtoolset-11-binutils-2.36.1-1.el7.1.s390x.rpm devtoolset-11-binutils-debuginfo-2.36.1-1.el7.1.s390x.rpm devtoolset-11-binutils-devel-2.36.1-1.el7.1.s390x.rpm x86_64: devtoolset-11-binutils-2.36.1-1.el7.1.x86_64.rpm devtoolset-11-binutils-debuginfo-2.36.1-1.el7.1.i686.rpm devtoolset-11-binutils-debuginfo-2.36.1-1.el7.1.x86_64.rpm devtoolset-11-binutils-devel-2.36.1-1.el7.1.i686.rpm devtoolset-11-binutils-devel-2.36.1-1.el7.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.7): Source: devtoolset-11-binutils-2.36.1-1.el7.1.src.rpm ppc64: devtoolset-11-binutils-2.36.1-1.el7.1.ppc64.rpm devtoolset-11-binutils-debuginfo-2.36.1-1.el7.1.ppc64.rpm devtoolset-11-binutils-devel-2.36.1-1.el7.1.ppc64.rpm ppc64le: devtoolset-11-binutils-2.36.1-1.el7.1.ppc64le.rpm devtoolset-11-binutils-debuginfo-2.36.1-1.el7.1.ppc64le.rpm devtoolset-11-binutils-devel-2.36.1-1.el7.1.ppc64le.rpm s390x: devtoolset-11-binutils-2.36.1-1.el7.1.s390x.rpm devtoolset-11-binutils-debuginfo-2.36.1-1.el7.1.s390x.rpm devtoolset-11-binutils-devel-2.36.1-1.el7.1.s390x.rpm x86_64: devtoolset-11-binutils-2.36.1-1.el7.1.x86_64.rpm devtoolset-11-binutils-debuginfo-2.36.1-1.el7.1.i686.rpm devtoolset-11-binutils-debuginfo-2.36.1-1.el7.1.x86_64.rpm devtoolset-11-binutils-devel-2.36.1-1.el7.1.i686.rpm devtoolset-11-binutils-devel-2.36.1-1.el7.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v.7): Source: devtoolset-11-binutils-2.36.1-1.el7.1.src.rpm x86_64: devtoolset-11-binutils-2.36.1-1.el7.1.x86_64.rpm devtoolset-11-binutils-debuginfo-2.36.1-1.el7.1.i686.rpm devtoolset-11-binutils-debuginfo-2.36.1-1.el7.1.x86_64.rpm devtoolset-11-binutils-devel-2.36.1-1.el7.1.i686.rpm devtoolset-11-binutils-devel-2.36.1-1.el7.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2021-42574 https://access.redhat.com/security/updates/classification#moderate https://access.redhat.com/security/vulnerabilities/RHSB-2021-007 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2021 Red Hat, Inc. 
A recent update for devtoolset-11-gcc addresses vulnerabilities classified as moderate, particularly related to potential trojan source threats. Red Hat Security Advisory, Software Collections Update, Unicode Security Issue. LinuxSecurity.com Team

Calendar 2 Nov 18, 2021 Red Hat
89

CentOS 8: 2021-5568abx38h Critical: Python Vulnerabilities Addressed

Rust 1.56.1 adds a mitigation for CVE-2021-42574, the "trojan source" attack that obfuscates code with BiDi control characters. The compiler will now error on such characters in code comments and string/char literals. For more details, see the upstream [security advisory](https://blog.rust-lang.org/2021/11/01/cve-2021-42574.html).

Fedora Update Notification
FEDORA-2021-443139f67c
2021-11-11 01:22:23.181028

Name : rust
Product : Fedora 33
Version : 1.56.1
Release : 1.fc33
URL : https://rust-lang.org/
Summary : The Rust Programming Language
Description : Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator.

Update Information: Rust 1.56.1 adds a mitigation for CVE-2021-42574, the "trojan source" attack that obfuscates code with BiDi control characters. The compiler will now error on such characters in code comments and string/char literals. For more details, see the upstream [security advisory](https://blog.rust-lang.org/2021/11/01/cve-2021-42574.html).

ChangeLog: * Mon Nov 1 2021 Josh Stone - 1.56.1-1 - Update to 1.56.1.

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-443139f67c' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key.
More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

Fedora 33 updates Rust 1.56.1 addressing the trojan source attack. Discover the effects and solutions. Rust Mitigation, Trojan Source Attack, Fedora Update, Rust Compiler. Severity: Critical. LinuxSecurity.com Team

Calendar 2 Nov 10, 2021 Critical Fedora
98

RedHat: RHSA-2021-4585-01 Moderate: gcc-toolset-10-gcc Trojan Source Risk

An update for gcc-toolset-10-gcc is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which.

Red Hat Security Advisory
Synopsis: Moderate: gcc-toolset-10-gcc security update
Advisory ID: RHSA-2021:4585-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:4585
Issue date: 2021-11-10
CVE Names: CVE-2021-42574

1. Summary: An update for gcc-toolset-10-gcc is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description: The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as related support libraries.

Security Fix(es): * Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574)

The following changes were introduced in gcc in order to facilitate detection of BiDi Unicode characters: This update implements a new warning option -Wbidirectional to warn about possibly dangerous bidirectional characters. There are three levels of warning supported by gcc:
"-Wbidirectional=unpaired", which warns about improperly terminated BiDi contexts. (This is the default.)
"-Wbidirectional=none", which turns the warning off.
"-Wbidirectional=any", which warns about any use of bidirectional characters. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2005819 - CVE-2021-42574 Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks 6. Package List: Red Hat Enterprise Linux AppStream (v.8): Source: gcc-toolset-10-gcc-10.3.1-1.2.el8_5.src.rpm aarch64: gcc-toolset-10-gcc-10.3.1-1.2.el8_5.aarch64.rpm gcc-toolset-10-gcc-c++-10.3.1-1.2.el8_5.aarch64.rpm gcc-toolset-10-gcc-c++-debuginfo-10.3.1-1.2.el8_5.aarch64.rpm gcc-toolset-10-gcc-debuginfo-10.3.1-1.2.el8_5.aarch64.rpm gcc-toolset-10-gcc-gdb-plugin-10.3.1-1.2.el8_5.aarch64.rpm gcc-toolset-10-gcc-gdb-plugin-debuginfo-10.3.1-1.2.el8_5.aarch64.rpm gcc-toolset-10-gcc-gfortran-10.3.1-1.2.el8_5.aarch64.rpm gcc-toolset-10-gcc-gfortran-debuginfo-10.3.1-1.2.el8_5.aarch64.rpm gcc-toolset-10-gcc-plugin-devel-debuginfo-10.3.1-1.2.el8_5.aarch64.rpm gcc-toolset-10-libasan-devel-10.3.1-1.2.el8_5.aarch64.rpm gcc-toolset-10-libatomic-devel-10.3.1-1.2.el8_5.aarch64.rpm gcc-toolset-10-libgccjit-debuginfo-10.3.1-1.2.el8_5.aarch64.rpm gcc-toolset-10-libitm-devel-10.3.1-1.2.el8_5.aarch64.rpm gcc-toolset-10-liblsan-devel-10.3.1-1.2.el8_5.aarch64.rpm gcc-toolset-10-libstdc++-devel-10.3.1-1.2.el8_5.aarch64.rpm gcc-toolset-10-libstdc++-docs-10.3.1-1.2.el8_5.aarch64.rpm gcc-toolset-10-libtsan-devel-10.3.1-1.2.el8_5.aarch64.rpm gcc-toolset-10-libubsan-devel-10.3.1-1.2.el8_5.aarch64.rpm libasan6-10.3.1-1.2.el8_5.aarch64.rpm libasan6-debuginfo-10.3.1-1.2.el8_5.aarch64.rpm ppc64le: gcc-toolset-10-gcc-10.3.1-1.2.el8_5.ppc64le.rpm gcc-toolset-10-gcc-c++-10.3.1-1.2.el8_5.ppc64le.rpm 
gcc-toolset-10-gcc-c++-debuginfo-10.3.1-1.2.el8_5.ppc64le.rpm gcc-toolset-10-gcc-debuginfo-10.3.1-1.2.el8_5.ppc64le.rpm gcc-toolset-10-gcc-gdb-plugin-10.3.1-1.2.el8_5.ppc64le.rpm gcc-toolset-10-gcc-gdb-plugin-debuginfo-10.3.1-1.2.el8_5.ppc64le.rpm gcc-toolset-10-gcc-gfortran-10.3.1-1.2.el8_5.ppc64le.rpm gcc-toolset-10-gcc-gfortran-debuginfo-10.3.1-1.2.el8_5.ppc64le.rpm gcc-toolset-10-gcc-plugin-devel-debuginfo-10.3.1-1.2.el8_5.ppc64le.rpm gcc-toolset-10-libasan-devel-10.3.1-1.2.el8_5.ppc64le.rpm gcc-toolset-10-libatomic-devel-10.3.1-1.2.el8_5.ppc64le.rpm gcc-toolset-10-libgccjit-debuginfo-10.3.1-1.2.el8_5.ppc64le.rpm gcc-toolset-10-libitm-devel-10.3.1-1.2.el8_5.ppc64le.rpm gcc-toolset-10-liblsan-devel-10.3.1-1.2.el8_5.ppc64le.rpm gcc-toolset-10-libquadmath-devel-10.3.1-1.2.el8_5.ppc64le.rpm gcc-toolset-10-libstdc++-devel-10.3.1-1.2.el8_5.ppc64le.rpm gcc-toolset-10-libstdc++-docs-10.3.1-1.2.el8_5.ppc64le.rpm gcc-toolset-10-libtsan-devel-10.3.1-1.2.el8_5.ppc64le.rpm gcc-toolset-10-libubsan-devel-10.3.1-1.2.el8_5.ppc64le.rpm gcc-toolset-10-offload-nvptx-debuginfo-10.3.1-1.2.el8_5.ppc64le.rpm libasan6-10.3.1-1.2.el8_5.ppc64le.rpm libasan6-debuginfo-10.3.1-1.2.el8_5.ppc64le.rpm s390x: gcc-toolset-10-gcc-10.3.1-1.2.el8_5.s390x.rpm gcc-toolset-10-gcc-c++-10.3.1-1.2.el8_5.s390x.rpm gcc-toolset-10-gcc-c++-debuginfo-10.3.1-1.2.el8_5.s390x.rpm gcc-toolset-10-gcc-debuginfo-10.3.1-1.2.el8_5.s390x.rpm gcc-toolset-10-gcc-gdb-plugin-10.3.1-1.2.el8_5.s390x.rpm gcc-toolset-10-gcc-gdb-plugin-debuginfo-10.3.1-1.2.el8_5.s390x.rpm gcc-toolset-10-gcc-gfortran-10.3.1-1.2.el8_5.s390x.rpm gcc-toolset-10-gcc-gfortran-debuginfo-10.3.1-1.2.el8_5.s390x.rpm gcc-toolset-10-gcc-plugin-devel-debuginfo-10.3.1-1.2.el8_5.s390x.rpm gcc-toolset-10-libasan-devel-10.3.1-1.2.el8_5.s390x.rpm gcc-toolset-10-libatomic-devel-10.3.1-1.2.el8_5.s390x.rpm gcc-toolset-10-libgccjit-debuginfo-10.3.1-1.2.el8_5.s390x.rpm gcc-toolset-10-libitm-devel-10.3.1-1.2.el8_5.s390x.rpm 
gcc-toolset-10-libstdc++-devel-10.3.1-1.2.el8_5.s390x.rpm gcc-toolset-10-libstdc++-docs-10.3.1-1.2.el8_5.s390x.rpm gcc-toolset-10-libubsan-devel-10.3.1-1.2.el8_5.s390x.rpm libasan6-10.3.1-1.2.el8_5.s390x.rpm libasan6-debuginfo-10.3.1-1.2.el8_5.s390x.rpm x86_64: gcc-toolset-10-gcc-10.3.1-1.2.el8_5.x86_64.rpm gcc-toolset-10-gcc-c++-10.3.1-1.2.el8_5.x86_64.rpm gcc-toolset-10-gcc-c++-debuginfo-10.3.1-1.2.el8_5.i686.rpm gcc-toolset-10-gcc-c++-debuginfo-10.3.1-1.2.el8_5.x86_64.rpm gcc-toolset-10-gcc-debuginfo-10.3.1-1.2.el8_5.i686.rpm gcc-toolset-10-gcc-debuginfo-10.3.1-1.2.el8_5.x86_64.rpm gcc-toolset-10-gcc-gdb-plugin-10.3.1-1.2.el8_5.x86_64.rpm gcc-toolset-10-gcc-gdb-plugin-debuginfo-10.3.1-1.2.el8_5.i686.rpm gcc-toolset-10-gcc-gdb-plugin-debuginfo-10.3.1-1.2.el8_5.x86_64.rpm gcc-toolset-10-gcc-gfortran-10.3.1-1.2.el8_5.x86_64.rpm gcc-toolset-10-gcc-gfortran-debuginfo-10.3.1-1.2.el8_5.i686.rpm gcc-toolset-10-gcc-gfortran-debuginfo-10.3.1-1.2.el8_5.x86_64.rpm gcc-toolset-10-gcc-plugin-devel-debuginfo-10.3.1-1.2.el8_5.i686.rpm gcc-toolset-10-gcc-plugin-devel-debuginfo-10.3.1-1.2.el8_5.x86_64.rpm gcc-toolset-10-libasan-devel-10.3.1-1.2.el8_5.i686.rpm gcc-toolset-10-libasan-devel-10.3.1-1.2.el8_5.x86_64.rpm gcc-toolset-10-libatomic-devel-10.3.1-1.2.el8_5.i686.rpm gcc-toolset-10-libatomic-devel-10.3.1-1.2.el8_5.x86_64.rpm gcc-toolset-10-libgccjit-debuginfo-10.3.1-1.2.el8_5.i686.rpm gcc-toolset-10-libgccjit-debuginfo-10.3.1-1.2.el8_5.x86_64.rpm gcc-toolset-10-libitm-devel-10.3.1-1.2.el8_5.i686.rpm gcc-toolset-10-libitm-devel-10.3.1-1.2.el8_5.x86_64.rpm gcc-toolset-10-liblsan-devel-10.3.1-1.2.el8_5.x86_64.rpm gcc-toolset-10-libquadmath-devel-10.3.1-1.2.el8_5.i686.rpm gcc-toolset-10-libquadmath-devel-10.3.1-1.2.el8_5.x86_64.rpm gcc-toolset-10-libstdc++-devel-10.3.1-1.2.el8_5.i686.rpm gcc-toolset-10-libstdc++-devel-10.3.1-1.2.el8_5.x86_64.rpm gcc-toolset-10-libstdc++-docs-10.3.1-1.2.el8_5.x86_64.rpm gcc-toolset-10-libtsan-devel-10.3.1-1.2.el8_5.x86_64.rpm 
gcc-toolset-10-libubsan-devel-10.3.1-1.2.el8_5.i686.rpm gcc-toolset-10-libubsan-devel-10.3.1-1.2.el8_5.x86_64.rpm gcc-toolset-10-offload-nvptx-debuginfo-10.3.1-1.2.el8_5.x86_64.rpm libasan6-10.3.1-1.2.el8_5.i686.rpm libasan6-10.3.1-1.2.el8_5.x86_64.rpm libasan6-debuginfo-10.3.1-1.2.el8_5.i686.rpm libasan6-debuginfo-10.3.1-1.2.el8_5.x86_64.rpm Red Hat CodeReady Linux Builder (v.8): aarch64: gcc-toolset-10-gcc-c++-debuginfo-10.3.1-1.2.el8_5.aarch64.rpm gcc-toolset-10-gcc-debuginfo-10.3.1-1.2.el8_5.aarch64.rpm gcc-toolset-10-gcc-gdb-plugin-debuginfo-10.3.1-1.2.el8_5.aarch64.rpm gcc-toolset-10-gcc-gfortran-debuginfo-10.3.1-1.2.el8_5.aarch64.rpm gcc-toolset-10-gcc-plugin-devel-10.3.1-1.2.el8_5.aarch64.rpm gcc-toolset-10-gcc-plugin-devel-debuginfo-10.3.1-1.2.el8_5.aarch64.rpm gcc-toolset-10-libgccjit-debuginfo-10.3.1-1.2.el8_5.aarch64.rpm libasan6-debuginfo-10.3.1-1.2.el8_5.aarch64.rpm ppc64le: gcc-toolset-10-gcc-c++-debuginfo-10.3.1-1.2.el8_5.ppc64le.rpm gcc-toolset-10-gcc-debuginfo-10.3.1-1.2.el8_5.ppc64le.rpm gcc-toolset-10-gcc-gdb-plugin-debuginfo-10.3.1-1.2.el8_5.ppc64le.rpm gcc-toolset-10-gcc-gfortran-debuginfo-10.3.1-1.2.el8_5.ppc64le.rpm gcc-toolset-10-gcc-plugin-devel-10.3.1-1.2.el8_5.ppc64le.rpm gcc-toolset-10-gcc-plugin-devel-debuginfo-10.3.1-1.2.el8_5.ppc64le.rpm gcc-toolset-10-libgccjit-debuginfo-10.3.1-1.2.el8_5.ppc64le.rpm gcc-toolset-10-offload-nvptx-debuginfo-10.3.1-1.2.el8_5.ppc64le.rpm libasan6-debuginfo-10.3.1-1.2.el8_5.ppc64le.rpm s390x: gcc-toolset-10-gcc-c++-debuginfo-10.3.1-1.2.el8_5.s390x.rpm gcc-toolset-10-gcc-debuginfo-10.3.1-1.2.el8_5.s390x.rpm gcc-toolset-10-gcc-gdb-plugin-debuginfo-10.3.1-1.2.el8_5.s390x.rpm gcc-toolset-10-gcc-gfortran-debuginfo-10.3.1-1.2.el8_5.s390x.rpm gcc-toolset-10-gcc-plugin-devel-10.3.1-1.2.el8_5.s390x.rpm gcc-toolset-10-gcc-plugin-devel-debuginfo-10.3.1-1.2.el8_5.s390x.rpm gcc-toolset-10-libgccjit-debuginfo-10.3.1-1.2.el8_5.s390x.rpm libasan6-debuginfo-10.3.1-1.2.el8_5.s390x.rpm x86_64: 
gcc-toolset-10-gcc-c++-debuginfo-10.3.1-1.2.el8_5.i686.rpm gcc-toolset-10-gcc-c++-debuginfo-10.3.1-1.2.el8_5.x86_64.rpm gcc-toolset-10-gcc-debuginfo-10.3.1-1.2.el8_5.i686.rpm gcc-toolset-10-gcc-debuginfo-10.3.1-1.2.el8_5.x86_64.rpm gcc-toolset-10-gcc-gdb-plugin-debuginfo-10.3.1-1.2.el8_5.i686.rpm gcc-toolset-10-gcc-gdb-plugin-debuginfo-10.3.1-1.2.el8_5.x86_64.rpm gcc-toolset-10-gcc-gfortran-debuginfo-10.3.1-1.2.el8_5.i686.rpm gcc-toolset-10-gcc-gfortran-debuginfo-10.3.1-1.2.el8_5.x86_64.rpm gcc-toolset-10-gcc-plugin-devel-10.3.1-1.2.el8_5.i686.rpm gcc-toolset-10-gcc-plugin-devel-10.3.1-1.2.el8_5.x86_64.rpm gcc-toolset-10-gcc-plugin-devel-debuginfo-10.3.1-1.2.el8_5.i686.rpm gcc-toolset-10-gcc-plugin-devel-debuginfo-10.3.1-1.2.el8_5.x86_64.rpm gcc-toolset-10-libgccjit-debuginfo-10.3.1-1.2.el8_5.i686.rpm gcc-toolset-10-libgccjit-debuginfo-10.3.1-1.2.el8_5.x86_64.rpm gcc-toolset-10-offload-nvptx-debuginfo-10.3.1-1.2.el8_5.x86_64.rpm libasan6-debuginfo-10.3.1-1.2.el8_5.i686.rpm libasan6-debuginfo-10.3.1-1.2.el8_5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2021-42574 https://access.redhat.com/security/updates/classification#moderate https://access.redhat.com/security/vulnerabilities/RHSB-2021-007 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2021 Red Hat, Inc. 
A recent enhancement for gcc-toolset-10-gcc bolsters security through several moderate fixes aimed at thwarting trojan source vulnerabilities. RedHat Update, gcc-toolset Security, trojan Source Attack, security Advisory. LinuxSecurity.com Team

Calendar 2 Nov 10, 2021 Red Hat
98

Red Hat: RHSA-2021:4594-02 Moderate: Gcc-Toolset-11 Trojan Source Risk

An update for gcc-toolset-11-binutils is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which.

Red Hat Security Advisory
Synopsis: Moderate: gcc-toolset-11-binutils security update
Advisory ID: RHSA-2021:4594-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:4594
Issue date: 2021-11-10
CVE Names: CVE-2021-42574

1. Summary: An update for gcc-toolset-11-binutils is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description: The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities.

Security Fix(es): * Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574)

The following changes were introduced in binutils in order to facilitate detection of BiDi Unicode characters: Tools which display names or strings (readelf, strings, nm, objdump) have a new command line option --unicode / -U which controls how Unicode characters are handled.
Using "--unicode=default" will treat them as normal for the tool. This is the default behaviour when --unicode option is not used.
Using "--unicode=locale" will display them according to the current locale. Using "--unicode=hex" will display them as hex byte values. Using "--unicode=escape" will display them as Unicode escape sequences. Using "--unicode=highlight" will display them as Unicode escape sequences highlighted in red, if supported by the output device. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2005819 - CVE-2021-42574 Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: gcc-toolset-11-binutils-2.36.1-1.el8_5.1.src.rpm aarch64: gcc-toolset-11-binutils-2.36.1-1.el8_5.1.aarch64.rpm gcc-toolset-11-binutils-debuginfo-2.36.1-1.el8_5.1.aarch64.rpm gcc-toolset-11-binutils-devel-2.36.1-1.el8_5.1.aarch64.rpm ppc64le: gcc-toolset-11-binutils-2.36.1-1.el8_5.1.ppc64le.rpm gcc-toolset-11-binutils-debuginfo-2.36.1-1.el8_5.1.ppc64le.rpm gcc-toolset-11-binutils-devel-2.36.1-1.el8_5.1.ppc64le.rpm s390x: gcc-toolset-11-binutils-2.36.1-1.el8_5.1.s390x.rpm gcc-toolset-11-binutils-debuginfo-2.36.1-1.el8_5.1.s390x.rpm gcc-toolset-11-binutils-devel-2.36.1-1.el8_5.1.s390x.rpm x86_64: gcc-toolset-11-binutils-2.36.1-1.el8_5.1.x86_64.rpm gcc-toolset-11-binutils-debuginfo-2.36.1-1.el8_5.1.i686.rpm gcc-toolset-11-binutils-debuginfo-2.36.1-1.el8_5.1.x86_64.rpm gcc-toolset-11-binutils-devel-2.36.1-1.el8_5.1.i686.rpm gcc-toolset-11-binutils-devel-2.36.1-1.el8_5.1.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References: https://access.redhat.com/security/cve/CVE-2021-42574 https://access.redhat.com/security/updates/classification#moderate https://access.redhat.com/security/vulnerabilities/RHSB-2021-007

8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2021 Red Hat, Inc.

The gcc-toolset-11-binutils patch for Red Hat mitigates risks from Unicode BiDi characters exploited in trojan source vulnerabilities. gcc-toolset Security Fix, Red Hat Update, binutils Security. LinuxSecurity.com Team

Calendar 2 Nov 10, 2021 Red Hat
98

Red Hat: RHSA-2021:4595-04 Moderate: Binutils Trojan Source Attack

An update for binutils is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from.

Red Hat Security Advisory
Synopsis: Moderate: binutils security update
Advisory ID: RHSA-2021:4595-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:4595
Issue date: 2021-11-10
CVE Names: CVE-2021-42574

1. Summary: An update for binutils is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description: The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities.

Security Fix(es): * Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574)

The following changes were introduced in binutils in order to facilitate detection of BiDi Unicode characters: Tools which display names or strings (readelf, strings, nm, objdump) have a new command line option --unicode / -U which controls how Unicode characters are handled.
Using "--unicode=default" will treat them as normal for the tool. This is the default behaviour when --unicode option is not used.
Using "--unicode=locale" will display them according to the current locale.
Using "--unicode=hex" will display them as hex byte values.
Using "--unicode=escape" will display them as Unicode escape sequences.
Using "--unicode=highlight" will display them as Unicode escape sequences highlighted in red, if supported by the output device.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/): 2005819 - CVE-2021-42574 Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks

6. Package List: Red Hat Enterprise Linux AppStream (v.
8): aarch64: binutils-debuginfo-2.30-108.el8_5.1.aarch64.rpm binutils-debugsource-2.30-108.el8_5.1.aarch64.rpm binutils-devel-2.30-108.el8_5.1.aarch64.rpm ppc64le: binutils-debuginfo-2.30-108.el8_5.1.ppc64le.rpm binutils-debugsource-2.30-108.el8_5.1.ppc64le.rpm binutils-devel-2.30-108.el8_5.1.ppc64le.rpm s390x: binutils-debuginfo-2.30-108.el8_5.1.s390x.rpm binutils-debugsource-2.30-108.el8_5.1.s390x.rpm binutils-devel-2.30-108.el8_5.1.s390x.rpm x86_64: binutils-debuginfo-2.30-108.el8_5.1.i686.rpm binutils-debuginfo-2.30-108.el8_5.1.x86_64.rpm binutils-debugsource-2.30-108.el8_5.1.i686.rpm binutils-debugsource-2.30-108.el8_5.1.x86_64.rpm binutils-devel-2.30-108.el8_5.1.i686.rpm binutils-devel-2.30-108.el8_5.1.x86_64.rpm Red Hat Enterprise Linux BaseOS (v.8): Source: binutils-2.30-108.el8_5.1.src.rpm aarch64: binutils-2.30-108.el8_5.1.aarch64.rpm binutils-debuginfo-2.30-108.el8_5.1.aarch64.rpm binutils-debugsource-2.30-108.el8_5.1.aarch64.rpm ppc64le: binutils-2.30-108.el8_5.1.ppc64le.rpm binutils-debuginfo-2.30-108.el8_5.1.ppc64le.rpm binutils-debugsource-2.30-108.el8_5.1.ppc64le.rpm s390x: binutils-2.30-108.el8_5.1.s390x.rpm binutils-debuginfo-2.30-108.el8_5.1.s390x.rpm binutils-debugsource-2.30-108.el8_5.1.s390x.rpm x86_64: binutils-2.30-108.el8_5.1.x86_64.rpm binutils-debuginfo-2.30-108.el8_5.1.x86_64.rpm binutils-debugsource-2.30-108.el8_5.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2021-42574 https://access.redhat.com/security/updates/classification#moderate https://access.redhat.com/security/vulnerabilities/RHSB-2021-007 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2021 Red Hat, Inc. 
Ubuntu Linux rolls out a patch addressing vulnerabilities in coreutils to mitigate risks stemming from hidden code within whitespace. binutils update, Red Hat advisory, Linux enterprise security, Unicode attacks, security patch. LinuxSecurity.com Team

Calendar 2 Nov 10, 2021 Red Hat
98

Red Hat Enterprise Linux 8.4 RHSA-2021:4596 Moderate: Trojan Source Attack

An update for binutils is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which.

Red Hat Security Advisory
Synopsis: Moderate: binutils security update
Advisory ID: RHSA-2021:4596-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:4596
Issue date: 2021-11-10
CVE Names: CVE-2021-42574

1. Summary: An update for binutils is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

3. Description: The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities.

Security Fix(es): * Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574)

The following changes were introduced in binutils in order to facilitate detection of BiDi Unicode characters: Tools which display names or strings (readelf, strings, nm, objdump) have a new command line option --unicode / -U which controls how Unicode characters are handled.
Using "--unicode=default" will treat them as normal for the tool. This is the default behaviour when --unicode option is not used.
Using "--unicode=locale" will display them according to the current locale.
Using "--unicode=hex" will display them as hex byte values.
Using "--unicode=escape" will display them as Unicode escape sequences.
Using "--unicode=highlight" will display them as Unicode escape sequences highlighted in red, if supported by the output device.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/): 2005819 - CVE-2021-42574 Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks

6. Package List:
Red Hat Enterprise Linux AppStream EUS (v.8.4):
aarch64: binutils-debuginfo-2.30-93.el8_4.2.aarch64.rpm binutils-debugsource-2.30-93.el8_4.2.aarch64.rpm binutils-devel-2.30-93.el8_4.2.aarch64.rpm
ppc64le: binutils-debuginfo-2.30-93.el8_4.2.ppc64le.rpm binutils-debugsource-2.30-93.el8_4.2.ppc64le.rpm binutils-devel-2.30-93.el8_4.2.ppc64le.rpm
s390x: binutils-debuginfo-2.30-93.el8_4.2.s390x.rpm binutils-debugsource-2.30-93.el8_4.2.s390x.rpm binutils-devel-2.30-93.el8_4.2.s390x.rpm
x86_64: binutils-debuginfo-2.30-93.el8_4.2.i686.rpm binutils-debuginfo-2.30-93.el8_4.2.x86_64.rpm binutils-debugsource-2.30-93.el8_4.2.i686.rpm binutils-debugsource-2.30-93.el8_4.2.x86_64.rpm binutils-devel-2.30-93.el8_4.2.i686.rpm binutils-devel-2.30-93.el8_4.2.x86_64.rpm
Red Hat Enterprise Linux BaseOS EUS (v.8.4):
Source: binutils-2.30-93.el8_4.2.src.rpm
aarch64: binutils-2.30-93.el8_4.2.aarch64.rpm binutils-debuginfo-2.30-93.el8_4.2.aarch64.rpm binutils-debugsource-2.30-93.el8_4.2.aarch64.rpm
ppc64le: binutils-2.30-93.el8_4.2.ppc64le.rpm binutils-debuginfo-2.30-93.el8_4.2.ppc64le.rpm binutils-debugsource-2.30-93.el8_4.2.ppc64le.rpm s390x: binutils-2.30-93.el8_4.2.s390x.rpm binutils-debuginfo-2.30-93.el8_4.2.s390x.rpm binutils-debugsource-2.30-93.el8_4.2.s390x.rpm x86_64: binutils-2.30-93.el8_4.2.x86_64.rpm binutils-debuginfo-2.30-93.el8_4.2.x86_64.rpm binutils-debugsource-2.30-93.el8_4.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2021-42574 https://access.redhat.com/security/updates/classification#moderate https://access.redhat.com/security/vulnerabilities/RHSB-2021-007 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYYvZ1dzjgjWX9erEAQjInw/9GD+BYGaWMOo+pidclEBSROfDMQDOgSeD /1IsyKS7C66otKVIxqEOPFMdc+PtB+z5Is6j48wsEwhxfWVXzZNseuzngDPXVr6E csVtITwvVH/2lmrs/I+yQSUOHcCcyPUqbaZ36UwmyrCyegrsiUSVhNwI/vxD+HE7 WufSQPkYA3DAE64ye4vTLxuTdzb+O41tuxkW5SdEXBTcjGBskvgjqDzbU7ZpyxV3 Zy6mLhdkfgCig//EwjdL1+S5Ic4TyDyPX0rQZ9R4kbuvM3I2cq8GIBlHMuGTM5q9 ZB8XwOLrF7xqLU580HYU1AGUGTyey7gxMU+PxM3pGGaJuOC66cMaE86E5QmJ597m LnZvlNbanB2rRxXdkxTMLfkt0rNkUNuOGXBLG6qgYb5iGMuX19OCiYubCyR4m+Zi aBVHN9tDN/VlKuEK30KS2kk874mLyq30RmPXxc33ymY1tJG1oiJHW/SjQ7uq0iSW A5sfOOl4mhLsjxDV1D+LKTcYBvWxKjDamaLhUMxy1PwT8PK6jZNVSlELxfjVyoeE HHvVOom+80OQLuCCOUU3xwYPck45vHUav+83idGjlL16ZaUUapo5eI/Cid4QJpt0 5CnWIWru9zPuAxQiur1/JUTIBAux4jN7qMFtfn/ucN5ljtHFqvAM/aP3yHeOTcNx pEA6pVJtNHM=JgYX -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . 
A new update has been released for Red Hat Enterprise Linux to rectify a moderate security vulnerability in binutils related to trojan source attacks.

LinuxSecurity.com Team

Nov 10, 2021 Red Hat
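The display modes described in the advisory above, sketched as an added example (this is not binutils code and not part of the advisory). The `render` and `bidi_controls` functions, the sample symbol name and the exact output formats are assumptions chosen for illustration.

```python
# Added illustration; not binutils source. Output formats are assumptions
# modelled on the advisory's description of --unicode=hex/escape/highlight.

# Bidirectional control characters relevant to CVE-2021-42574:
# embeddings/overrides U+202A..U+202E and isolates U+2066..U+2069.
BIDI_CONTROLS = set(range(0x202A, 0x202F)) | set(range(0x2066, 0x206A))

RED, RESET = "\x1b[31m", "\x1b[0m"


def render(raw: bytes, mode: str = "escape") -> str:
    """Render bytes so that non-ASCII characters cannot reorder the display."""
    if mode not in ("hex", "escape", "highlight"):
        raise ValueError(f"unsupported mode: {mode}")
    text = raw.decode("utf-8", errors="surrogateescape")
    out = []
    for ch in text:
        cp = ord(ch)
        if cp < 0x80:
            out.append(ch)
        elif 0xDC80 <= cp <= 0xDCFF:  # invalid UTF-8 byte kept by surrogateescape
            out.append(f"<0x{cp - 0xDC00:02x}>")
        elif mode == "hex":
            out.append("<" + " ".join(f"0x{b:02x}" for b in ch.encode("utf-8")) + ">")
        else:
            esc = f"\\u{cp:04x}" if cp <= 0xFFFF else f"\\U{cp:08x}"
            out.append(f"{RED}{esc}{RESET}" if mode == "highlight" else esc)
    return "".join(out)


def bidi_controls(raw: bytes) -> list:
    """Return (character offset, code point) for every BiDi control in raw."""
    text = raw.decode("utf-8", errors="surrogateescape")
    return [(i, f"U+{ord(c):04X}") for i, c in enumerate(text)
            if ord(c) in BIDI_CONTROLS]


# Constructed sample: a symbol name with RIGHT-TO-LEFT OVERRIDE (U+202E)
# and POP DIRECTIONAL FORMATTING (U+202C) embedded in it.
SAMPLE = "sym_\u202eeman\u202c_v1".encode("utf-8")

if __name__ == "__main__":
    for mode in ("hex", "escape", "highlight"):
        print(f"{mode:10}", render(SAMPLE, mode))
    print("bidi controls:", bidi_controls(SAMPLE))
```

Rendering the control characters as visible text is what lets a reviewer see that a displayed name is not the byte sequence it appears to be.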