-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.3841
                   annobin and binutils security update
                             11 November 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           annobin
                   binutils
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Provide Misleading Information -- Existing Account
                   Reduced Security               -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-42574  

Reference:         ESB-2021.3645
                   ESB-2021.3638

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2021:4593
   https://access.redhat.com/errata/RHSA-2021:4598
   https://access.redhat.com/errata/RHSA-2021:4599
   https://access.redhat.com/errata/RHSA-2021:4600
   https://access.redhat.com/errata/RHSA-2021:4595
   https://access.redhat.com/errata/RHSA-2021:4596
   https://access.redhat.com/errata/RHSA-2021:4601
   https://access.redhat.com/errata/RHSA-2021:4602

Comment: This bulletin contains eight (8) Red Hat security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: annobin security update
Advisory ID:       RHSA-2021:4593-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:4593
Issue date:        2021-11-10
CVE Names:         CVE-2021-42574 
=====================================================================

1. Summary:

An update for annobin is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

Annobin provides a compiler plugin to annotate and tools to examine
compiled binary files.

Security Fix(es):

* Developer environment: Unicode's bidirectional (BiDi) override characters
can cause trojan source attacks (CVE-2021-42574)

The following changes were introduced in annobin in order to facilitate
detection of BiDi Unicode characters:

This update of annobin adds a new annocheck test to detect the presence of
multibyte characters in symbol names.

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2005819 - CVE-2021-42574 Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
annobin-9.72-1.el8_5.2.src.rpm

aarch64:
annobin-9.72-1.el8_5.2.aarch64.rpm
annobin-annocheck-9.72-1.el8_5.2.aarch64.rpm
annobin-annocheck-debuginfo-9.72-1.el8_5.2.aarch64.rpm
annobin-debuginfo-9.72-1.el8_5.2.aarch64.rpm
annobin-debugsource-9.72-1.el8_5.2.aarch64.rpm

ppc64le:
annobin-9.72-1.el8_5.2.ppc64le.rpm
annobin-annocheck-9.72-1.el8_5.2.ppc64le.rpm
annobin-annocheck-debuginfo-9.72-1.el8_5.2.ppc64le.rpm
annobin-debuginfo-9.72-1.el8_5.2.ppc64le.rpm
annobin-debugsource-9.72-1.el8_5.2.ppc64le.rpm

s390x:
annobin-9.72-1.el8_5.2.s390x.rpm
annobin-annocheck-9.72-1.el8_5.2.s390x.rpm
annobin-annocheck-debuginfo-9.72-1.el8_5.2.s390x.rpm
annobin-debuginfo-9.72-1.el8_5.2.s390x.rpm
annobin-debugsource-9.72-1.el8_5.2.s390x.rpm

x86_64:
annobin-9.72-1.el8_5.2.x86_64.rpm
annobin-annocheck-9.72-1.el8_5.2.x86_64.rpm
annobin-annocheck-debuginfo-9.72-1.el8_5.2.x86_64.rpm
annobin-debuginfo-9.72-1.el8_5.2.x86_64.rpm
annobin-debugsource-9.72-1.el8_5.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-42574
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/security/vulnerabilities/RHSB-2021-007

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----


- --------------------------------------------------------------------------------


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: annobin security update
Advisory ID:       RHSA-2021:4598-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:4598
Issue date:        2021-11-10
CVE Names:         CVE-2021-42574 
=====================================================================

1. Summary:

An update for annobin is now available for Red Hat Enterprise Linux 8.4
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

3. Description:

Annobin provides a compiler plugin to annotate and tools to examine
compiled binary files.

Security Fix(es):

* Developer environment: Unicode's bidirectional (BiDi) override characters
can cause trojan source attacks (CVE-2021-42574)

The following changes were introduced in annobin in order to facilitate
detection of BiDi Unicode characters:

This update of annobin adds a new annocheck test to detect the presence of
multibyte characters in symbol names.

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2005819 - CVE-2021-42574 Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.4):

Source:
annobin-9.50-1.el8_4.1.src.rpm

aarch64:
annobin-9.50-1.el8_4.1.aarch64.rpm
annobin-annocheck-9.50-1.el8_4.1.aarch64.rpm
annobin-annocheck-debuginfo-9.50-1.el8_4.1.aarch64.rpm
annobin-debuginfo-9.50-1.el8_4.1.aarch64.rpm
annobin-debugsource-9.50-1.el8_4.1.aarch64.rpm

ppc64le:
annobin-9.50-1.el8_4.1.ppc64le.rpm
annobin-annocheck-9.50-1.el8_4.1.ppc64le.rpm
annobin-annocheck-debuginfo-9.50-1.el8_4.1.ppc64le.rpm
annobin-debuginfo-9.50-1.el8_4.1.ppc64le.rpm
annobin-debugsource-9.50-1.el8_4.1.ppc64le.rpm

s390x:
annobin-9.50-1.el8_4.1.s390x.rpm
annobin-annocheck-9.50-1.el8_4.1.s390x.rpm
annobin-annocheck-debuginfo-9.50-1.el8_4.1.s390x.rpm
annobin-debuginfo-9.50-1.el8_4.1.s390x.rpm
annobin-debugsource-9.50-1.el8_4.1.s390x.rpm

x86_64:
annobin-9.50-1.el8_4.1.x86_64.rpm
annobin-annocheck-9.50-1.el8_4.1.x86_64.rpm
annobin-annocheck-debuginfo-9.50-1.el8_4.1.x86_64.rpm
annobin-debuginfo-9.50-1.el8_4.1.x86_64.rpm
annobin-debugsource-9.50-1.el8_4.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-42574
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/security/vulnerabilities/RHSB-2021-007

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----


- --------------------------------------------------------------------------------


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: annobin security update
Advisory ID:       RHSA-2021:4599-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:4599
Issue date:        2021-11-10
CVE Names:         CVE-2021-42574 
=====================================================================

1. Summary:

An update for annobin is now available for Red Hat Enterprise Linux 8.1
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

Annobin provides a compiler plugin to annotate and tools to examine
compiled binary files.

Security Fix(es):

* Developer environment: Unicode's bidirectional (BiDi) override characters
can cause trojan source attacks (CVE-2021-42574)

The following changes were introduced in annobin in order to facilitate
detection of BiDi Unicode characters:

This update of annobin adds a new annocheck test to detect the presence of
multibyte characters in symbol names.

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2005819 - CVE-2021-42574 Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.1):

Source:
annobin-8.78-1.el8_1.1.src.rpm

aarch64:
annobin-8.78-1.el8_1.1.aarch64.rpm
annobin-debuginfo-8.78-1.el8_1.1.aarch64.rpm
annobin-debugsource-8.78-1.el8_1.1.aarch64.rpm

ppc64le:
annobin-8.78-1.el8_1.1.ppc64le.rpm
annobin-debuginfo-8.78-1.el8_1.1.ppc64le.rpm
annobin-debugsource-8.78-1.el8_1.1.ppc64le.rpm

s390x:
annobin-8.78-1.el8_1.1.s390x.rpm
annobin-debuginfo-8.78-1.el8_1.1.s390x.rpm
annobin-debugsource-8.78-1.el8_1.1.s390x.rpm

x86_64:
annobin-8.78-1.el8_1.1.x86_64.rpm
annobin-debuginfo-8.78-1.el8_1.1.x86_64.rpm
annobin-debugsource-8.78-1.el8_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-42574
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/security/vulnerabilities/RHSB-2021-007

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

- -----END PGP SIGNATURE-----


- --------------------------------------------------------------------------------


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: annobin security update
Advisory ID:       RHSA-2021:4600-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:4600
Issue date:        2021-11-10
CVE Names:         CVE-2021-42574 
=====================================================================

1. Summary:

An update for annobin is now available for Red Hat Enterprise Linux 8.2
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

3. Description:

Annobin provides a compiler plugin to annotate and tools to examine
compiled binary files.

Security Fix(es):

* Developer environment: Unicode's bidirectional (BiDi) override characters
can cause trojan source attacks (CVE-2021-42574)

The following changes were introduced in annobin in order to facilitate
detection of BiDi Unicode characters:

This update of annobin adds a new annocheck test to detect the presence of
multibyte characters in symbol names.

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2005819 - CVE-2021-42574 Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.2):

Source:
annobin-8.90-1.el8_2.1.src.rpm

aarch64:
annobin-8.90-1.el8_2.1.aarch64.rpm
annobin-debuginfo-8.90-1.el8_2.1.aarch64.rpm
annobin-debugsource-8.90-1.el8_2.1.aarch64.rpm

ppc64le:
annobin-8.90-1.el8_2.1.ppc64le.rpm
annobin-debuginfo-8.90-1.el8_2.1.ppc64le.rpm
annobin-debugsource-8.90-1.el8_2.1.ppc64le.rpm

s390x:
annobin-8.90-1.el8_2.1.s390x.rpm
annobin-debuginfo-8.90-1.el8_2.1.s390x.rpm
annobin-debugsource-8.90-1.el8_2.1.s390x.rpm

x86_64:
annobin-8.90-1.el8_2.1.x86_64.rpm
annobin-debuginfo-8.90-1.el8_2.1.x86_64.rpm
annobin-debugsource-8.90-1.el8_2.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-42574
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/security/vulnerabilities/RHSB-2021-007

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----


- --------------------------------------------------------------------------------


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: binutils security update
Advisory ID:       RHSA-2021:4595-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:4595
Issue date:        2021-11-10
CVE Names:         CVE-2021-42574 
=====================================================================

1. Summary:

An update for binutils is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The binutils packages provide a collection of binary utilities for the
manipulation of object code in various object file formats. It includes the
ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings,
strip, and addr2line utilities.

Security Fix(es):

* Developer environment: Unicode's bidirectional (BiDi) override characters
can cause trojan source attacks (CVE-2021-42574)

The following changes were introduced in binutils in order to facilitate
detection of BiDi Unicode characters:

Tools which display names or strings (readelf, strings, nm, objdump) have a
new command line option --unicode / -U which controls how Unicode
characters are handled.

Using "--unicode=default" will treat them as normal for the tool. This is
the default behaviour when the --unicode option is not used.
Using "--unicode=locale" will display them according to the current locale.
Using "--unicode=hex" will display them as hex byte values.
Using "--unicode=escape" will display them as Unicode escape sequences.
Using "--unicode=highlight" will display them as Unicode escape sequences
highlighted in red, if supported by the output device.
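
The following Python is an added example, not code from Red Hat, annobin or
binutils. It walks a constructed ELF-style string table, flags symbol names
that contain multibyte characters (the condition the new annocheck test looks
for) and renders them in forms analogous to --unicode=hex and
--unicode=escape; the function names, the sample data and the exact output
formatting are assumptions of this example.

```python
"""Flag multibyte and BiDi characters in ELF-style symbol names (added example)."""
from typing import NamedTuple

# Unicode bidirectional embedding, override and isolate controls, the
# characters CVE-2021-42574 is concerned with.
BIDI_CONTROLS = {
    0x202A: "LRE", 0x202B: "RLE", 0x202C: "PDF", 0x202D: "LRO", 0x202E: "RLO",
    0x2066: "LRI", 0x2067: "RLI", 0x2068: "FSI", 0x2069: "PDI",
}

# Constructed sample: the layout of an ELF string table (a leading NUL, then
# NUL-terminated names). Not taken from any real binary.
SAMPLE_STRTAB = (
    b"\0main\0"
    b"is_admin\xe2\x80\xae\xe2\x81\xa6\0"   # U+202E (RLO) and U+2066 (LRI) appended
    b"caf\xc3\xa9_total\0"                  # benign multibyte character U+00E9
    b"bad\xff\0"                            # byte that is not valid UTF-8
)


class Finding(NamedTuple):
    escaped: str        # name with every non-ASCII character made visible
    bidi: list          # short names of BiDi controls found, in order
    invalid_utf8: bool  # True if the name holds bytes that are not UTF-8


def split_strtab(blob: bytes) -> list:
    """Return the non-empty NUL-terminated names stored in a string table."""
    return [name for name in blob.split(b"\0") if name]


def render(name: bytes, mode: str = "escape") -> str:
    """Render a raw name with non-ASCII content made explicit.

    mode="hex"    shows each multibyte character as its UTF-8 bytes: <e280ae>
    mode="escape" shows each multibyte character as \\uXXXX or \\UXXXXXXXX
    Bytes that are not valid UTF-8 are shown as <xx> in both modes.
    The output format is this example's own, not binutils' exact format.
    """
    if mode not in ("escape", "hex"):
        raise ValueError("mode must be 'escape' or 'hex'")
    out = []
    # surrogateescape maps each undecodable byte 0xNN to U+DCNN, so the
    # original byte can be recovered instead of raising or being dropped.
    for ch in name.decode("utf-8", errors="surrogateescape"):
        cp = ord(ch)
        if cp < 0x80:
            out.append(ch)                                  # plain ASCII
        elif 0xDC80 <= cp <= 0xDCFF:
            out.append("<%02x>" % (cp - 0xDC00))            # invalid byte
        elif mode == "hex":
            out.append("<%s>" % ch.encode("utf-8").hex())
        else:
            out.append("\\u%04x" % cp if cp <= 0xFFFF else "\\U%08x" % cp)
    return "".join(out)


def audit_strtab(blob: bytes) -> list:
    """Return a Finding for every name that contains a byte >= 0x80."""
    findings = []
    for name in split_strtab(blob):
        if all(b < 0x80 for b in name):
            continue  # pure ASCII name: nothing to report
        text = name.decode("utf-8", errors="surrogateescape")
        bidi = [BIDI_CONTROLS[ord(c)] for c in text if ord(c) in BIDI_CONTROLS]
        invalid = any(0xDC80 <= ord(c) <= 0xDCFF for c in text)
        findings.append(Finding(render(name, "escape"), bidi, invalid))
    return findings


if __name__ == "__main__":
    for f in audit_strtab(SAMPLE_STRTAB):
        tags = ",".join(f.bidi) or "-"
        print("%-28s bidi=%-8s invalid_utf8=%s" % (f.escaped, tags, f.invalid_utf8))
```

A name with a non-empty BiDi list is the case to investigate first; other
multibyte names may be legitimate non-English identifiers.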

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2005819 - CVE-2021-42574 Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

aarch64:
binutils-debuginfo-2.30-108.el8_5.1.aarch64.rpm
binutils-debugsource-2.30-108.el8_5.1.aarch64.rpm
binutils-devel-2.30-108.el8_5.1.aarch64.rpm

ppc64le:
binutils-debuginfo-2.30-108.el8_5.1.ppc64le.rpm
binutils-debugsource-2.30-108.el8_5.1.ppc64le.rpm
binutils-devel-2.30-108.el8_5.1.ppc64le.rpm

s390x:
binutils-debuginfo-2.30-108.el8_5.1.s390x.rpm
binutils-debugsource-2.30-108.el8_5.1.s390x.rpm
binutils-devel-2.30-108.el8_5.1.s390x.rpm

x86_64:
binutils-debuginfo-2.30-108.el8_5.1.i686.rpm
binutils-debuginfo-2.30-108.el8_5.1.x86_64.rpm
binutils-debugsource-2.30-108.el8_5.1.i686.rpm
binutils-debugsource-2.30-108.el8_5.1.x86_64.rpm
binutils-devel-2.30-108.el8_5.1.i686.rpm
binutils-devel-2.30-108.el8_5.1.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 8):

Source:
binutils-2.30-108.el8_5.1.src.rpm

aarch64:
binutils-2.30-108.el8_5.1.aarch64.rpm
binutils-debuginfo-2.30-108.el8_5.1.aarch64.rpm
binutils-debugsource-2.30-108.el8_5.1.aarch64.rpm

ppc64le:
binutils-2.30-108.el8_5.1.ppc64le.rpm
binutils-debuginfo-2.30-108.el8_5.1.ppc64le.rpm
binutils-debugsource-2.30-108.el8_5.1.ppc64le.rpm

s390x:
binutils-2.30-108.el8_5.1.s390x.rpm
binutils-debuginfo-2.30-108.el8_5.1.s390x.rpm
binutils-debugsource-2.30-108.el8_5.1.s390x.rpm

x86_64:
binutils-2.30-108.el8_5.1.x86_64.rpm
binutils-debuginfo-2.30-108.el8_5.1.x86_64.rpm
binutils-debugsource-2.30-108.el8_5.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-42574
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/security/vulnerabilities/RHSB-2021-007

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----


- --------------------------------------------------------------------------------


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: binutils security update
Advisory ID:       RHSA-2021:4596-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:4596
Issue date:        2021-11-10
CVE Names:         CVE-2021-42574 
=====================================================================

1. Summary:

An update for binutils is now available for Red Hat Enterprise Linux 8.4
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

3. Description:

The binutils packages provide a collection of binary utilities for the
manipulation of object code in various object file formats. It includes the
ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings,
strip, and addr2line utilities.

Security Fix(es):

* Developer environment: Unicode's bidirectional (BiDi) override characters
can cause trojan source attacks (CVE-2021-42574)

The following changes were introduced in binutils in order to facilitate
detection of BiDi Unicode characters:

Tools which display names or strings (readelf, strings, nm, objdump) have a
new command line option --unicode / -U which controls how Unicode
characters are handled.

Using "--unicode=default" will treat them as normal for the tool. This is
the default behaviour when the --unicode option is not used.
Using "--unicode=locale" will display them according to the current locale.
Using "--unicode=hex" will display them as hex byte values.
Using "--unicode=escape" will display them as Unicode escape sequences.
Using "--unicode=highlight" will display them as Unicode escape sequences
highlighted in red, if supported by the output device.

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2005819 - CVE-2021-42574 Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.4):

aarch64:
binutils-debuginfo-2.30-93.el8_4.2.aarch64.rpm
binutils-debugsource-2.30-93.el8_4.2.aarch64.rpm
binutils-devel-2.30-93.el8_4.2.aarch64.rpm

ppc64le:
binutils-debuginfo-2.30-93.el8_4.2.ppc64le.rpm
binutils-debugsource-2.30-93.el8_4.2.ppc64le.rpm
binutils-devel-2.30-93.el8_4.2.ppc64le.rpm

s390x:
binutils-debuginfo-2.30-93.el8_4.2.s390x.rpm
binutils-debugsource-2.30-93.el8_4.2.s390x.rpm
binutils-devel-2.30-93.el8_4.2.s390x.rpm

x86_64:
binutils-debuginfo-2.30-93.el8_4.2.i686.rpm
binutils-debuginfo-2.30-93.el8_4.2.x86_64.rpm
binutils-debugsource-2.30-93.el8_4.2.i686.rpm
binutils-debugsource-2.30-93.el8_4.2.x86_64.rpm
binutils-devel-2.30-93.el8_4.2.i686.rpm
binutils-devel-2.30-93.el8_4.2.x86_64.rpm

Red Hat Enterprise Linux BaseOS EUS (v.8.4):

Source:
binutils-2.30-93.el8_4.2.src.rpm

aarch64:
binutils-2.30-93.el8_4.2.aarch64.rpm
binutils-debuginfo-2.30-93.el8_4.2.aarch64.rpm
binutils-debugsource-2.30-93.el8_4.2.aarch64.rpm

ppc64le:
binutils-2.30-93.el8_4.2.ppc64le.rpm
binutils-debuginfo-2.30-93.el8_4.2.ppc64le.rpm
binutils-debugsource-2.30-93.el8_4.2.ppc64le.rpm

s390x:
binutils-2.30-93.el8_4.2.s390x.rpm
binutils-debuginfo-2.30-93.el8_4.2.s390x.rpm
binutils-debugsource-2.30-93.el8_4.2.s390x.rpm

x86_64:
binutils-2.30-93.el8_4.2.x86_64.rpm
binutils-debuginfo-2.30-93.el8_4.2.x86_64.rpm
binutils-debugsource-2.30-93.el8_4.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-42574
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/security/vulnerabilities/RHSB-2021-007

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----


- --------------------------------------------------------------------------------


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: binutils security update
Advisory ID:       RHSA-2021:4601-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:4601
Issue date:        2021-11-10
CVE Names:         CVE-2021-42574 
=====================================================================

1. Summary:

An update for binutils is now available for Red Hat Enterprise Linux 8.2
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

3. Description:

The binutils packages provide a collection of binary utilities for the
manipulation of object code in various object file formats. It includes the
ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings,
strip, and addr2line utilities.

Security Fix(es):

* Developer environment: Unicode's bidirectional (BiDi) override characters
can cause trojan source attacks (CVE-2021-42574)

The following changes were introduced in binutils in order to facilitate
detection of BiDi Unicode characters:

Tools which display names or strings (readelf, strings, nm, objdump) have a
new command line option --unicode / -U which controls how Unicode
characters are handled.

Using "--unicode=default" will treat them as normal for the tool. This is
the default behaviour when the --unicode option is not used.
Using "--unicode=locale" will display them according to the current locale.
Using "--unicode=hex" will display them as hex byte values.
Using "--unicode=escape" will display them as Unicode escape sequences.
Using "--unicode=highlight" will display them as Unicode escape sequences
highlighted in red, if supported by the output device.

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2005819 - CVE-2021-42574 Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.2):

aarch64:
binutils-debuginfo-2.30-73.el8_2.1.aarch64.rpm
binutils-debugsource-2.30-73.el8_2.1.aarch64.rpm
binutils-devel-2.30-73.el8_2.1.aarch64.rpm

ppc64le:
binutils-debuginfo-2.30-73.el8_2.1.ppc64le.rpm
binutils-debugsource-2.30-73.el8_2.1.ppc64le.rpm
binutils-devel-2.30-73.el8_2.1.ppc64le.rpm

s390x:
binutils-debuginfo-2.30-73.el8_2.1.s390x.rpm
binutils-debugsource-2.30-73.el8_2.1.s390x.rpm
binutils-devel-2.30-73.el8_2.1.s390x.rpm

x86_64:
binutils-debuginfo-2.30-73.el8_2.1.i686.rpm
binutils-debuginfo-2.30-73.el8_2.1.x86_64.rpm
binutils-debugsource-2.30-73.el8_2.1.i686.rpm
binutils-debugsource-2.30-73.el8_2.1.x86_64.rpm
binutils-devel-2.30-73.el8_2.1.i686.rpm
binutils-devel-2.30-73.el8_2.1.x86_64.rpm

Red Hat Enterprise Linux BaseOS EUS (v. 8.2):

Source:
binutils-2.30-73.el8_2.1.src.rpm

aarch64:
binutils-2.30-73.el8_2.1.aarch64.rpm
binutils-debuginfo-2.30-73.el8_2.1.aarch64.rpm
binutils-debugsource-2.30-73.el8_2.1.aarch64.rpm

ppc64le:
binutils-2.30-73.el8_2.1.ppc64le.rpm
binutils-debuginfo-2.30-73.el8_2.1.ppc64le.rpm
binutils-debugsource-2.30-73.el8_2.1.ppc64le.rpm

s390x:
binutils-2.30-73.el8_2.1.s390x.rpm
binutils-debuginfo-2.30-73.el8_2.1.s390x.rpm
binutils-debugsource-2.30-73.el8_2.1.s390x.rpm

x86_64:
binutils-2.30-73.el8_2.1.x86_64.rpm
binutils-debuginfo-2.30-73.el8_2.1.x86_64.rpm
binutils-debugsource-2.30-73.el8_2.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-42574
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/security/vulnerabilities/RHSB-2021-007

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----


- --------------------------------------------------------------------------------


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: binutils security update
Advisory ID:       RHSA-2021:4602-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:4602
Issue date:        2021-11-10
CVE Names:         CVE-2021-42574 
=====================================================================

1. Summary:

An update for binutils is now available for Red Hat Enterprise Linux 8.1
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.1) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS EUS (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

The binutils packages provide a collection of binary utilities for the
manipulation of object code in various object file formats. It includes the
ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings,
strip, and addr2line utilities.

Security Fix(es):

* Developer environment: Unicode's bidirectional (BiDi) override characters
can cause trojan source attacks (CVE-2021-42574)

The following changes were introduced in binutils in order to facilitate
detection of BiDi Unicode characters:

Tools which display names or strings (readelf, strings, nm, objdump) have a
new command line option --unicode / -U which controls how Unicode
characters are handled.

Using "--unicode=default" will treat them as normal for the tool. This is
the default behaviour when the --unicode option is not used.
Using "--unicode=locale" will display them according to the current locale.
Using "--unicode=hex" will display them as hex byte values.
Using "--unicode=escape" will display them as Unicode escape sequences. 
Using "--unicode=highlight" will display them as Unicode escape sequences
highlighted in red, if supported by the output device.
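
Added example (not part of the Red Hat advisory and not binutils code): a Python scan of a symbol or string for the BiDi control characters behind CVE-2021-42574, with a renderer in the spirit of the "hex" and "escape" modes above. The names find_bidi, render and SAMPLE are hypothetical, the sample bytes are constructed, and the output format is an approximation, not binutils' exact output.

```python
import unicodedata

# BiDi formatting characters relevant to CVE-2021-42574: embeddings and
# overrides U+202A..U+202E, isolates U+2066..U+2069.
BIDI_CONTROLS = {chr(c) for c in (*range(0x202A, 0x202F), *range(0x2066, 0x206A))}

# Constructed sample: a symbol name with U+202E (RLO) hidden inside it.
SAMPLE = b"is_admin\xe2\x80\xae_check"


def find_bidi(data: bytes):
    """Return (byte offset, code point, Unicode name) for each BiDi control."""
    hits, offset = [], 0
    # surrogateescape keeps invalid bytes so offsets stay byte-accurate.
    for ch in data.decode("utf-8", errors="surrogateescape"):
        if ch in BIDI_CONTROLS:
            hits.append((offset, f"U+{ord(ch):04X}", unicodedata.name(ch)))
        offset += len(ch.encode("utf-8", errors="surrogateescape"))
    return hits


def render(data: bytes, mode: str = "escape") -> str:
    """Make every non-ASCII character visible as hex bytes or an escape."""
    if mode not in ("hex", "escape"):
        raise ValueError("mode must be 'hex' or 'escape'")
    out = []
    for ch in data.decode("utf-8", errors="surrogateescape"):
        cp = ord(ch)
        if cp < 0x80:
            out.append(ch)
        elif mode == "hex" or 0xDC80 <= cp <= 0xDCFF:
            # Invalid UTF-8 bytes are always shown as raw hex.
            raw = ch.encode("utf-8", errors="surrogateescape")
            out.append("<" + " ".join(f"{b:02x}" for b in raw) + ">")
        else:
            out.append(f"\\u{cp:04x}" if cp <= 0xFFFF else f"\\U{cp:08x}")
    return "".join(out)


if __name__ == "__main__":
    print(find_bidi(SAMPLE))
    print(render(SAMPLE, "escape"))
    print(render(SAMPLE, "hex"))
```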

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2005819 - CVE-2021-42574 Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.1):

aarch64:
binutils-debuginfo-2.30-58.el8_1.3.aarch64.rpm
binutils-debugsource-2.30-58.el8_1.3.aarch64.rpm
binutils-devel-2.30-58.el8_1.3.aarch64.rpm

ppc64le:
binutils-debuginfo-2.30-58.el8_1.3.ppc64le.rpm
binutils-debugsource-2.30-58.el8_1.3.ppc64le.rpm
binutils-devel-2.30-58.el8_1.3.ppc64le.rpm

s390x:
binutils-debuginfo-2.30-58.el8_1.3.s390x.rpm
binutils-debugsource-2.30-58.el8_1.3.s390x.rpm
binutils-devel-2.30-58.el8_1.3.s390x.rpm

x86_64:
binutils-debuginfo-2.30-58.el8_1.3.i686.rpm
binutils-debuginfo-2.30-58.el8_1.3.x86_64.rpm
binutils-debugsource-2.30-58.el8_1.3.i686.rpm
binutils-debugsource-2.30-58.el8_1.3.x86_64.rpm
binutils-devel-2.30-58.el8_1.3.i686.rpm
binutils-devel-2.30-58.el8_1.3.x86_64.rpm

Red Hat Enterprise Linux BaseOS EUS (v. 8.1):

Source:
binutils-2.30-58.el8_1.3.src.rpm

aarch64:
binutils-2.30-58.el8_1.3.aarch64.rpm
binutils-debuginfo-2.30-58.el8_1.3.aarch64.rpm
binutils-debugsource-2.30-58.el8_1.3.aarch64.rpm

ppc64le:
binutils-2.30-58.el8_1.3.ppc64le.rpm
binutils-debuginfo-2.30-58.el8_1.3.ppc64le.rpm
binutils-debugsource-2.30-58.el8_1.3.ppc64le.rpm

s390x:
binutils-2.30-58.el8_1.3.s390x.rpm
binutils-debuginfo-2.30-58.el8_1.3.s390x.rpm
binutils-debugsource-2.30-58.el8_1.3.s390x.rpm

x86_64:
binutils-2.30-58.el8_1.3.x86_64.rpm
binutils-debuginfo-2.30-58.el8_1.3.x86_64.rpm
binutils-debugsource-2.30-58.el8_1.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-42574
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/security/vulnerabilities/RHSB-2021-007

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----