132 lines
11 KiB
XML
132 lines
11 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
|
|
<DocumentTitle xml:lang="en">An update for binutils is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3</DocumentTitle>
|
|
<DocumentType>Security Advisory</DocumentType>
|
|
<DocumentPublisher Type="Vendor">
|
|
<ContactDetails>openeuler-security@openeuler.org</ContactDetails>
|
|
<IssuingAuthority>openEuler security committee</IssuingAuthority>
|
|
</DocumentPublisher>
|
|
<DocumentTracking>
|
|
<Identification>
|
|
<ID>openEuler-SA-2022-1501</ID>
|
|
</Identification>
|
|
<Status>Final</Status>
|
|
<Version>1.0</Version>
|
|
<RevisionHistory>
|
|
<Revision>
|
|
<Number>1.0</Number>
|
|
<Date>2022-01-22</Date>
|
|
<Description>Initial</Description>
|
|
</Revision>
|
|
</RevisionHistory>
|
|
<InitialReleaseDate>2022-01-22</InitialReleaseDate>
|
|
<CurrentReleaseDate>2022-01-22</CurrentReleaseDate>
|
|
<Generator>
|
|
<Engine>openEuler SA Tool V1.0</Engine>
|
|
<Date>2022-01-22</Date>
|
|
</Generator>
|
|
</DocumentTracking>
|
|
<DocumentNotes>
|
|
<Note Title="Synopsis" Type="General" Ordinal="1" xml:lang="en">binutils security update</Note>
|
|
<Note Title="Summary" Type="General" Ordinal="2" xml:lang="en">An update for binutils is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3.</Note>
|
|
<Note Title="Description" Type="General" Ordinal="3" xml:lang="en">The GNU Binutils are a collection of binary tools. The main ones are: ld - the GNU linker. as - the GNU assembler. addr2line - Converts addresses into filenames and line numbers. ar - A utility for creating, modifying and extracting from archives. c++filt - Filter to demangle encoded C++ symbols. dlltool - Creates files for building and using DLLs. gold - A new, faster, ELF only linker, still in beta test. gprof - Displays profiling information. nlmconv - Converts object code into an NLM. nm - Lists symbols from object files. objcopy - Copies and translates object files. objdump - Displays information from object files. ranlib - Generates an index to the contents of an archive. readelf - Displays information from any ELF format object file. size - Lists the section sizes of an object or archive file. strings - Lists printable strings from files. trip - Discards symbols. windmc - A Windows compatible message compiler. windres - A compiler for Windows resource files.
|
|
|
|
Security Fix(es):
|
|
|
|
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.(CVE-2021-42574)</Note>
|
|
<Note Title="Topic" Type="General" Ordinal="4" xml:lang="en">An update for binutils is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3.
|
|
|
|
openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.</Note>
|
|
<Note Title="Severity" Type="General" Ordinal="5" xml:lang="en">High</Note>
|
|
<Note Title="Affected Component" Type="General" Ordinal="6" xml:lang="en">binutils</Note>
|
|
</DocumentNotes>
|
|
<DocumentReferences>
|
|
<Reference Type="Self">
|
|
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1501</URL>
|
|
</Reference>
|
|
<Reference Type="openEuler CVE">
|
|
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-42574</URL>
|
|
</Reference>
|
|
<Reference Type="Other">
|
|
<URL>https://nvd.nist.gov/vuln/detail/CVE-2021-42574</URL>
|
|
</Reference>
|
|
</DocumentReferences>
|
|
<ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
|
|
<Branch Type="Product Name" Name="openEuler">
|
|
<FullProductName ProductID="openEuler-20.03-LTS-SP1" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">openEuler-20.03-LTS-SP1</FullProductName>
|
|
<FullProductName ProductID="openEuler-20.03-LTS-SP2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">openEuler-20.03-LTS-SP2</FullProductName>
|
|
<FullProductName ProductID="openEuler-20.03-LTS-SP3" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">openEuler-20.03-LTS-SP3</FullProductName>
|
|
</Branch>
|
|
<Branch Type="Package Arch" Name="aarch64">
|
|
<FullProductName ProductID="binutils-2.34-19" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">binutils-2.34-19.oe1.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="binutils-debuginfo-2.34-19" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">binutils-debuginfo-2.34-19.oe1.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="binutils-help-2.34-19" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">binutils-help-2.34-19.oe1.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="binutils-debugsource-2.34-19" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">binutils-debugsource-2.34-19.oe1.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="binutils-devel-2.34-19" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">binutils-devel-2.34-19.oe1.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="binutils-2.34-19" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">binutils-2.34-19.oe1.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="binutils-devel-2.34-19" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">binutils-devel-2.34-19.oe1.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="binutils-help-2.34-19" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">binutils-help-2.34-19.oe1.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="binutils-debuginfo-2.34-19" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">binutils-debuginfo-2.34-19.oe1.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="binutils-debugsource-2.34-19" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">binutils-debugsource-2.34-19.oe1.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="binutils-debuginfo-2.34-19" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">binutils-debuginfo-2.34-19.oe1.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="binutils-debugsource-2.34-19" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">binutils-debugsource-2.34-19.oe1.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="binutils-2.34-19" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">binutils-2.34-19.oe1.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="binutils-help-2.34-19" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">binutils-help-2.34-19.oe1.aarch64.rpm</FullProductName>
|
|
<FullProductName ProductID="binutils-devel-2.34-19" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">binutils-devel-2.34-19.oe1.aarch64.rpm</FullProductName>
|
|
</Branch>
|
|
<Branch Type="Package Arch" Name="src">
|
|
<FullProductName ProductID="binutils-2.34-19" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">binutils-2.34-19.oe1.src.rpm</FullProductName>
|
|
<FullProductName ProductID="binutils-2.34-19" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">binutils-2.34-19.oe1.src.rpm</FullProductName>
|
|
<FullProductName ProductID="binutils-2.34-19" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">binutils-2.34-19.oe1.src.rpm</FullProductName>
|
|
</Branch>
|
|
<Branch Type="Package Arch" Name="x86_64">
|
|
<FullProductName ProductID="binutils-debugsource-2.34-19" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">binutils-debugsource-2.34-19.oe1.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="binutils-help-2.34-19" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">binutils-help-2.34-19.oe1.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="binutils-devel-2.34-19" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">binutils-devel-2.34-19.oe1.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="binutils-debuginfo-2.34-19" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">binutils-debuginfo-2.34-19.oe1.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="binutils-2.34-19" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">binutils-2.34-19.oe1.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="binutils-devel-2.34-19" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">binutils-devel-2.34-19.oe1.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="binutils-debuginfo-2.34-19" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">binutils-debuginfo-2.34-19.oe1.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="binutils-debugsource-2.34-19" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">binutils-debugsource-2.34-19.oe1.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="binutils-help-2.34-19" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">binutils-help-2.34-19.oe1.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="binutils-2.34-19" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">binutils-2.34-19.oe1.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="binutils-debugsource-2.34-19" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">binutils-debugsource-2.34-19.oe1.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="binutils-help-2.34-19" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">binutils-help-2.34-19.oe1.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="binutils-2.34-19" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">binutils-2.34-19.oe1.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="binutils-devel-2.34-19" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">binutils-devel-2.34-19.oe1.x86_64.rpm</FullProductName>
|
|
<FullProductName ProductID="binutils-debuginfo-2.34-19" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">binutils-debuginfo-2.34-19.oe1.x86_64.rpm</FullProductName>
|
|
</Branch>
|
|
</ProductTree>
|
|
<Vulnerability Ordinal="1" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
|
|
<Notes>
|
|
<Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.</Note>
|
|
</Notes>
|
|
<ReleaseDate>2022-01-22</ReleaseDate>
|
|
<CVE>CVE-2021-42574</CVE>
|
|
<ProductStatuses>
|
|
<Status Type="Fixed">
|
|
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
|
|
<ProductID>openEuler-20.03-LTS-SP2</ProductID>
|
|
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
|
|
</Status>
|
|
</ProductStatuses>
|
|
<Threats>
|
|
<Threat Type="Impact">
|
|
<Description>High</Description>
|
|
</Threat>
|
|
</Threats>
|
|
<CVSSScoreSets>
|
|
<ScoreSet>
|
|
<BaseScore>8.3</BaseScore>
|
|
<Vector>AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H</Vector>
|
|
</ScoreSet>
|
|
</CVSSScoreSets>
|
|
<Remediations>
|
|
<Remediation Type="Vendor Fix">
|
|
<Description>binutils security update</Description>
|
|
<DATE>2022-01-22</DATE>
|
|
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1501</URL>
|
|
</Remediation>
|
|
</Remediations>
|
|
</Vulnerability>
|
|
</cvrfdoc> |