RHSA-2021:4585-01 -- Redhat gcc-toolset-10-gcc, gcc-toolset-10-libasan-devel, gcc-toolset-10-libatomic-devel, gcc-toolset-10-libgccjit-debuginfo, gcc-toolset-10-libitm-devel, gcc-toolset-10-liblsan-devel, gcc-toolset-10-libstdc++-devel, gcc-toolset-10-libstdc++-docs, gcc-toolset-10-libtsan-devel, gcc-toolset-10-libubsan-devel, libasan6, gcc-toolset-10-libquadmath-devel, gcc-toolset-10-offload-nvptx-debuginfoID: oval:org.secpod.oval:def:506532 | Date: (C)2021-11-22 (M)2024-06-13 |
Class: PATCH | Family: unix |
The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as related support libraries. Security Fix: * Developer environment: Unicode"s bidirectional override characters can cause trojan source attacks The following changes were introduced in gcc in order to facilitate detection of BiDi Unicode characters: This update implements a new warning option -Wbidirectional to warn about possibly dangerous bidirectional characters. There are three levels of warning supported by gcc: and;-Wbidirectional=unpaired and;, which warns about improperly terminated BiDi contexts. and;-Wbidirectional=none and;, which turns the warning off. and;-Wbidirectional=anyand;, which warns about any use of bidirectional characters. For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Platform: |
Red Hat Enterprise Linux 8 |
Product: |
gcc-toolset-10-gcc |
gcc-toolset-10-libasan-devel |
gcc-toolset-10-libatomic-devel |
gcc-toolset-10-libgccjit-debuginfo |
gcc-toolset-10-libitm-devel |
gcc-toolset-10-liblsan-devel |
gcc-toolset-10-libstdc++-devel |
gcc-toolset-10-libstdc++-docs |
gcc-toolset-10-libtsan-devel |
gcc-toolset-10-libubsan-devel |
libasan6 |
gcc-toolset-10-libquadmath-devel |
gcc-toolset-10-offload-nvptx-debuginfo |