RHSA-2021:4586-01 -- Redhat gcc-toolset-11-gcc, gcc-toolset-11-libasan-devel, gcc-toolset-11-libatomic-devel, gcc-toolset-11-libgccjit, gcc-toolset-11-libitm-devel, gcc-toolset-11-liblsan-devel, gcc-toolset-11-libstdc++-devel, gcc-toolset-11-libstdc++-docs, gcc-toolset-11-libtsan-devel, gcc-toolset-11-libubsan-devel, libasan6, gcc-toolset-11-libquadmath-devel, gcc-toolset-11-offload-nvptx-debuginfoID: oval:org.secpod.oval:def:506548 | Date: (C)2021-11-22 (M)2024-06-13 |
Class: PATCH | Family: unix |
The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as related support libraries. Security Fix: * Developer environment: Unicode"s bidirectional override characters can cause trojan source attacks The following changes were introduced in gcc in order to facilitate detection of BiDi Unicode characters: This update implements a new warning option -Wbidirectional to warn about possibly dangerous bidirectional characters. There are three levels of warning supported by gcc: and;-Wbidirectional=unpairedand;, which warns about improperly terminated BiDi contexts. and;-Wbidirectional=noneand;, which turns the warning off. and;-Wbidirectional=anyand;, which warns about any use of bidirectional characters. For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Platform: |
Red Hat Enterprise Linux 8 |
Product: |
gcc-toolset-11-gcc |
gcc-toolset-11-libasan-devel |
gcc-toolset-11-libatomic-devel |
gcc-toolset-11-libgccjit |
gcc-toolset-11-libitm-devel |
gcc-toolset-11-liblsan-devel |
gcc-toolset-11-libstdc++-devel |
gcc-toolset-11-libstdc++-docs |
gcc-toolset-11-libtsan-devel |
gcc-toolset-11-libubsan-devel |
libasan6 |
gcc-toolset-11-libquadmath-devel |
gcc-toolset-11-offload-nvptx-debuginfo |