[CLSA-2022:1645466518] Fix of CVE: CVE-2021-20284, CVE-2021-20197, CVE-2021-42574, CVE-2021-3487, CVE-2020-35448
Type:
security
Severity:
moderate
Release date:
2022-02-21
Description:
- CVE-2021-42574: Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (#2009172)
- CVE-2021-20284: Heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c (#1961526)
- CVE-2020-35448: Heap-based buffer overflow in bfd_getl_signed_32() in libbfd.c (#1953659)
- CVE-2021-3487: Excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section() (#1947134)
- CVE-2021-20197: Race window allows users to own arbitrary files (#1920642)
Updated packages:
  • binutils-devel-2.30-93.el8.4.tuxcare.els1.x86_64.rpm
    sha:40328f23360e3cd5e1827c76dd36828497e203bc
  • binutils-devel-2.30-93.el8.4.tuxcare.els1.i686.rpm
    sha:714073d4d109f6fb0973ed46cbc9ca09e50ccaca
  • binutils-2.30-93.el8.4.tuxcare.els1.x86_64.rpm
    sha:bc97c8dd30214f9832d4b71e985b3ea3c1904b7f
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.