An update for binutils is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2022-1501 Final 1.0 1.0 2022-01-22 Initial 2022-01-22 2022-01-22 openEuler SA Tool V1.0 2022-01-22 binutils security update An update for binutils is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3. The GNU Binutils are a collection of binary tools. The main ones are: ld - the GNU linker. as - the GNU assembler. addr2line - Converts addresses into filenames and line numbers. ar - A utility for creating, modifying and extracting from archives. c++filt - Filter to demangle encoded C++ symbols. dlltool - Creates files for building and using DLLs. gold - A new, faster, ELF only linker, still in beta test. gprof - Displays profiling information. nlmconv - Converts object code into an NLM. nm - Lists symbols from object files. objcopy - Copies and translates object files. objdump - Displays information from object files. ranlib - Generates an index to the contents of an archive. readelf - Displays information from any ELF format object file. size - Lists the section sizes of an object or archive file. strings - Lists printable strings from files. trip - Discards symbols. windmc - A Windows compatible message compiler. windres - A compiler for Windows resource files. Security Fix(es): An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.(CVE-2021-42574) An update for binutils is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High binutils https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1501 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-42574 https://nvd.nist.gov/vuln/detail/CVE-2021-42574 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 openEuler-20.03-LTS-SP3 binutils-2.34-19.oe1.aarch64.rpm binutils-debuginfo-2.34-19.oe1.aarch64.rpm binutils-help-2.34-19.oe1.aarch64.rpm binutils-debugsource-2.34-19.oe1.aarch64.rpm binutils-devel-2.34-19.oe1.aarch64.rpm binutils-2.34-19.oe1.aarch64.rpm binutils-devel-2.34-19.oe1.aarch64.rpm binutils-help-2.34-19.oe1.aarch64.rpm binutils-debuginfo-2.34-19.oe1.aarch64.rpm binutils-debugsource-2.34-19.oe1.aarch64.rpm binutils-debuginfo-2.34-19.oe1.aarch64.rpm binutils-debugsource-2.34-19.oe1.aarch64.rpm binutils-2.34-19.oe1.aarch64.rpm binutils-help-2.34-19.oe1.aarch64.rpm binutils-devel-2.34-19.oe1.aarch64.rpm binutils-2.34-19.oe1.src.rpm binutils-2.34-19.oe1.src.rpm binutils-2.34-19.oe1.src.rpm binutils-debugsource-2.34-19.oe1.x86_64.rpm binutils-help-2.34-19.oe1.x86_64.rpm binutils-devel-2.34-19.oe1.x86_64.rpm binutils-debuginfo-2.34-19.oe1.x86_64.rpm binutils-2.34-19.oe1.x86_64.rpm binutils-devel-2.34-19.oe1.x86_64.rpm binutils-debuginfo-2.34-19.oe1.x86_64.rpm binutils-debugsource-2.34-19.oe1.x86_64.rpm binutils-help-2.34-19.oe1.x86_64.rpm binutils-2.34-19.oe1.x86_64.rpm binutils-debugsource-2.34-19.oe1.x86_64.rpm binutils-help-2.34-19.oe1.x86_64.rpm binutils-2.34-19.oe1.x86_64.rpm binutils-devel-2.34-19.oe1.x86_64.rpm binutils-debuginfo-2.34-19.oe1.x86_64.rpm An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers. 2022-01-22 CVE-2021-42574 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 openEuler-20.03-LTS-SP3 High 8.3 AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H binutils security update 2022-01-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1501