Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
98
security advisorymoderatered hatRed Hat: RHSA-2021-4649 Moderate: Gcc-Toolset-10 Binutils Unicode Attack
An update for gcc-toolset-10-binutils is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: gcc-toolset-10-binutils security update Advisory ID: RHSA-2021:4649-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:4649 Issue date: 2021-11-15 CVE Names: CVE-2021-42574 ==================================================================== 1. Summary: An update for gcc-toolset-10-binutils is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities. Security Fix(es): * Developer environment: Unicode's bidirectional (BiDi) override characterscan cause trojan source attacks (CVE-2021-42574) The following changes were introduced in binutils in order to facilitate detection of BiDi Unicode characters: Tools which display names or strings (readelf, strings, nm, objdump) have a new command line option --unicode / -U which controls how Unicode characters are handled. Using "--unicode=default" will treat them as normal for the tool. This is the default behaviour when --unicodeoption is not used. Using "--unicode=locale" will display them according to the current locale. Using "--unicode=hex" will display them as hex byte values. Using "--unicode=escape" will display them as Unicode escape sequences. Using "--unicode=highlight" will display them as Unicode escape sequences highlighted in red, if supported by the output device. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2005819 - CVE-2021-42574 Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: gcc-toolset-10-binutils-2.35-8.el8_5.6.src.rpm aarch64: gcc-toolset-10-binutils-2.35-8.el8_5.6.aarch64.rpm gcc-toolset-10-binutils-debuginfo-2.35-8.el8_5.6.aarch64.rpm gcc-toolset-10-binutils-devel-2.35-8.el8_5.6.aarch64.rpm ppc64le: gcc-toolset-10-binutils-2.35-8.el8_5.6.ppc64le.rpm gcc-toolset-10-binutils-debuginfo-2.35-8.el8_5.6.ppc64le.rpm gcc-toolset-10-binutils-devel-2.35-8.el8_5.6.ppc64le.rpm s390x: gcc-toolset-10-binutils-2.35-8.el8_5.6.s390x.rpm gcc-toolset-10-binutils-debuginfo-2.35-8.el8_5.6.s390x.rpm gcc-toolset-10-binutils-devel-2.35-8.el8_5.6.s390x.rpm x86_64: gcc-toolset-10-binutils-2.35-8.el8_5.6.x86_64.rpm gcc-toolset-10-binutils-debuginfo-2.35-8.el8_5.6.i686.rpm gcc-toolset-10-binutils-debuginfo-2.35-8.el8_5.6.x86_64.rpm gcc-toolset-10-binutils-devel-2.35-8.el8_5.6.i686.rpm gcc-toolset-10-binutils-devel-2.35-8.el8_5.6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7.References: https://access.redhat.com/security/cve/CVE-2021-42574 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/security/vulnerabilities/RHSB-2021-007 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYZJx4NzjgjWX9erEAQi7Mg/8C+EFYgYwuWp6MLLB7rkvM56oomd0pn0/ 1FICg0onhz/TeHVep3q83NLFWauu4PVUAjbpaqA4y6g8bReldrn9wy+tao+QhWd+ vS+2y9xGHEhx3CmrRc3tChNPvCvaEqFxQIXEovsTbY3WreYQr7YWVGsmcc05DcuI oFsK6Xszl6kIA9WlT/HweeKDPJBq/KOzkNZg20UnqzH3dW21on8SkabbVZI+BRLO JcLl0y9JuqUF3/4n8ejTTonR15dGekuLlugU2r4KNTvtZxIhtuYDvKSM7QJtj+1Y 1EZJf1uGgGs9CrRTBC7jkSYjDxmFIWZLPrrB4yArMcTdL9ak95iHyfLsI2S0DTXQ o1uObMjRFzEESrUY1ZAaAwPV9X9fpwIysUhNHRma5dP3aaMB1dD8hJtpR6oI5pIe vai++eJiagGPHE9BoMZeska9PjdAf5MfwMaQ4rtErD9C1gwYgjE0h8lQNlRdNuKz 5dOgw5+VfGZpyH7i8NBFfZOcNwR/upxDDWOPVa/KcDGOtXam+YCtW7NBfVRspxqO p2eR5bp+RHSXW2ZO2++ibVdGioqcTv/pNqGjizEdXVkmhmXKLPxmpPHa0wkDn7tx CLp2JSAKUIEfMR8+7NLrZIZKppecjNOFd/AWkvkzQ3LWqUgUkx4hB+AywHZx4kD8 eDVs1OIfgiI=/GSZ -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Nov 15, 2021 •Important Red Hat 98
security advisorymoderatesecurity updateRed Hat Enterprise Linux 8 RHSA-2021:4593 Moderate Annobin Unicode Attack
An update for annobin is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: annobin security update Advisory ID: RHSA-2021:4593-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:4593 Issue date: 2021-11-10 CVE Names: CVE-2021-42574 ==================================================================== 1. Summary: An update for annobin is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: Annobin provides a compiler plugin to annotate and tools to examine compiled binary files. Security Fix(es): * Developer environment: Unicode's bidirectional (BiDi) override characterscan cause trojan source attacks (CVE-2021-42574) The following changes were introduced in annobin in order to facilitate detection of BiDi Unicode characters: This update of annobin adds a new annocheck test to detect the presence of multibyte characters in symbol names. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory,refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2005819 - CVE-2021-42574 Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: annobin-9.72-1.el8_5.2.src.rpm aarch64: annobin-9.72-1.el8_5.2.aarch64.rpm annobin-annocheck-9.72-1.el8_5.2.aarch64.rpm annobin-annocheck-debuginfo-9.72-1.el8_5.2.aarch64.rpm annobin-debuginfo-9.72-1.el8_5.2.aarch64.rpm annobin-debugsource-9.72-1.el8_5.2.aarch64.rpm ppc64le: annobin-9.72-1.el8_5.2.ppc64le.rpm annobin-annocheck-9.72-1.el8_5.2.ppc64le.rpm annobin-annocheck-debuginfo-9.72-1.el8_5.2.ppc64le.rpm annobin-debuginfo-9.72-1.el8_5.2.ppc64le.rpm annobin-debugsource-9.72-1.el8_5.2.ppc64le.rpm s390x: annobin-9.72-1.el8_5.2.s390x.rpm annobin-annocheck-9.72-1.el8_5.2.s390x.rpm annobin-annocheck-debuginfo-9.72-1.el8_5.2.s390x.rpm annobin-debuginfo-9.72-1.el8_5.2.s390x.rpm annobin-debugsource-9.72-1.el8_5.2.s390x.rpm x86_64: annobin-9.72-1.el8_5.2.x86_64.rpm annobin-annocheck-9.72-1.el8_5.2.x86_64.rpm annobin-annocheck-debuginfo-9.72-1.el8_5.2.x86_64.rpm annobin-debuginfo-9.72-1.el8_5.2.x86_64.rpm annobin-debugsource-9.72-1.el8_5.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2021-42574 https://access.redhat.com/security/updates/classification#moderate https://access.redhat.com/security/vulnerabilities/RHSB-2021-007 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYYvZ6dzjgjWX9erEAQhHiQ//R6JZeNlOCTcDKFkLUIVIWM6Erqvy5d5g uCcnrNlAKIrFxwDU4eTAug7VzRC+LcFZh1/el7TVyMhVGmX5qBziYLKr0oLfc5J2 bXcIRDIRDlEMAkIZN7slXxDV89viylndbufOe7I9dp/z4ZU1cnb+2rAtToPAeA0X MMu84u41BTh+7V4ZDOZSFXZ7H+aV9NGnDZTp5n2/FJjMZiEIlO+KOB8lD0eO+e5O KMLLdKUcPZyqxp8xiQZVtXKeK3RO5QwT7fLCLFW+LOqH10hc/cl6qOeaHhYRyj7G HEhcNKr764DoHumrfc4aLDHCVVr5+aEbWl7pGcdlQoAbXLfznD0ZApI9RuwV42Qk rtXB7bV+/kHN85C35BliWYwch00ELiIGmy9YwA7vUxMz7O/QfqvPZ5nqJ8PSm3RU UxDvC0ucFJXDRYmK0V7XMwBDHfhHBU9UulL8ztH+p8Oe1Sfoj8qz7HQxfeYcmN1V Z5ELQbRDWducWM15lAChps8+WKWNw/RMpfzCWfRQnJPH38caKrdIKfA0Mz7GMLCT SI0K23eKL54+Q55+7Lnws78nw2ywSJYgqGXZ8NHDycLhGkj+M4/AiH0lnZ4MDD3E I4iJE9hMCB2JeO5SWLR/vbtgMG5Upky7CZGXC+52fQYxMn2r4czgkX8Y/6i7/IMh 8G9Xy0rLtUk=Ke8O -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Nov 10, 2021 Red Hat 
98
security advisorymoderatered hat enterpriseRedHat: RHSA-2021-4599 Moderate: Annobin Trojan Source Risk
An update for annobin is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: annobin security update Advisory ID: RHSA-2021:4599-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:4599 Issue date: 2021-11-10 CVE Names: CVE-2021-42574 ==================================================================== 1. Summary: An update for annobin is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream EUS (v. 8.1) - aarch64, ppc64le, s390x, x86_64 3. Description: Annobin provides a compiler plugin to annotate and tools to examine compiled binary files. Security Fix(es): * Developer environment: Unicode's bidirectional (BiDi) override characterscan cause trojan source attacks (CVE-2021-42574) The following changes were introduced in annobin in order to facilitate detection of BiDi Unicode characters: This update of annobin adds a new annocheck test to detect the presence of multibyte characters in symbol names. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, referto: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2005819 - CVE-2021-42574 Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks 6. Package List: Red Hat Enterprise Linux AppStream EUS (v. 8.1): Source: annobin-8.78-1.el8_1.1.src.rpm aarch64: annobin-8.78-1.el8_1.1.aarch64.rpm annobin-debuginfo-8.78-1.el8_1.1.aarch64.rpm annobin-debugsource-8.78-1.el8_1.1.aarch64.rpm ppc64le: annobin-8.78-1.el8_1.1.ppc64le.rpm annobin-debuginfo-8.78-1.el8_1.1.ppc64le.rpm annobin-debugsource-8.78-1.el8_1.1.ppc64le.rpm s390x: annobin-8.78-1.el8_1.1.s390x.rpm annobin-debuginfo-8.78-1.el8_1.1.s390x.rpm annobin-debugsource-8.78-1.el8_1.1.s390x.rpm x86_64: annobin-8.78-1.el8_1.1.x86_64.rpm annobin-debuginfo-8.78-1.el8_1.1.x86_64.rpm annobin-debugsource-8.78-1.el8_1.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2021-42574 https://access.redhat.com/security/updates/classification#moderate https://access.redhat.com/security/vulnerabilities/RHSB-2021-007 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYYvZz9zjgjWX9erEAQjnow/7Bs1wsBqJaOB/M4xTW29Zt4dn1AxxMACZ Gu1AmyWZ5LPV+6nUSU8MH8kao4RQ7HIrL9Z/CTwBC/41mYiXSXZd5MYu11tKCFCX D9FdskTVy87TBi0F98g5GkO4AbCVTgpFtvXQIfquLoaYLvay7iij+KHVUHS4E2JY KBqq3C9+P3bTQeKq72nC8AqNJ817Fiytp7Awd7wY1d9ZmQ1mn0itlunCS/+iUO8Y Eu9V+3ciNf6kAYOj0Q3LYKoNrvUDsEpDTLDH4Tk0hrMX6Twwy9Ob+qhD6uYuiOaf Fn4KPmW+lR3S8++3tyW9gV1VQDZ8J2inSCczBCQAOOzvVA6KtGCadFYjgNqcA4YJ kvxYeo6+YaVeSrGCsu7bgSNq4e0LPoQ/bU0EFaA8xjYyoKKIHc60rQTD45gXrvop JjFLQ4FDly4Brg/y+poGvRpUTMGkr2LooglqZJBh1VSJBP6l9XvkjRI8reRmbqPy zoCXh3GNhsvv1yh76jlgsEfvMROmn1rJAdKhH3yISxMymzWCKfRO5BcuTrKZuYzb AtF4KKHwCZWheVqOmXC1LWzJzqBfHn8emr2QriQf87Ge3WAp+H/qo3IpmFlW8DAr iPyNSyAua2HzlklWnmMKOg2A+MugyJczptt13cEV3fN5ySeCsw6nNTF4d5CPCAyQ NzG5xWYOFyw=w/JN -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Nov 10, 2021 Red Hat 
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!