alsa-2021:4743
Vulnerability from osv_almalinux
Published
2021-11-18 16:29
Modified
2021-11-21 06:08
Summary
Moderate: llvm-toolset:rhel8 security update
Details
LLVM Toolset provides the LLVM compiler infrastructure framework, the Clang compiler for the C and C++ languages, the LLDB debugger, and related tools for code analysis.
Security Fix(es):
- Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574)
The following changes were introduced in clang in order to facilitate detection of BiDi Unicode characters:
clang-tidy now finds identifiers that contain Unicode characters with right-to-left direction, which can be confusing as they may change the understanding of a whole statement.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "clang"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.0.1-4.module_el8.4.0+2600+cefb5d4c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "clang-analyzer"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.0.1-4.module_el8.4.0+2600+cefb5d4c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "clang-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.0.1-4.module_el8.4.0+2600+cefb5d4c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "clang-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.0.1-4.module_el8.4.0+2600+cefb5d4c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "clang-resource-filesystem"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.0.1-4.module_el8.4.0+2600+cefb5d4c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "clang-tools-extra"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.0.1-4.module_el8.4.0+2600+cefb5d4c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "compiler-rt"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.0.1-1.module_el8.4.0+2600+cefb5d4c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "git-clang-format"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.0.1-4.module_el8.4.0+2600+cefb5d4c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libomp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.0.1-1.module_el8.4.0+2600+cefb5d4c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libomp-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.0.1-1.module_el8.4.0+2600+cefb5d4c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libomp-test"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.0.1-1.module_el8.4.0+2600+cefb5d4c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "lld"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.0.1-1.module_el8.4.0+2600+cefb5d4c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "lld-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.0.1-1.module_el8.4.0+2600+cefb5d4c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "lld-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.0.1-1.module_el8.4.0+2600+cefb5d4c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "lld-test"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.0.1-1.module_el8.4.0+2600+cefb5d4c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "lldb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.0.1-1.module_el8.4.0+2600+cefb5d4c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "lldb-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.0.1-1.module_el8.4.0+2600+cefb5d4c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "llvm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.0.1-2.module_el8.4.0+2600+cefb5d4c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "llvm-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.0.1-2.module_el8.4.0+2600+cefb5d4c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "llvm-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.0.1-2.module_el8.4.0+2600+cefb5d4c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "llvm-googletest"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.0.1-2.module_el8.4.0+2600+cefb5d4c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "llvm-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.0.1-2.module_el8.4.0+2600+cefb5d4c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "llvm-static"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.0.1-2.module_el8.4.0+2600+cefb5d4c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "llvm-test"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.0.1-2.module_el8.4.0+2600+cefb5d4c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "llvm-toolset"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.0.1-1.module_el8.4.0+2600+cefb5d4c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python3-clang"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.0.1-4.module_el8.4.0+2600+cefb5d4c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python3-lit"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.0.1-1.module_el8.4.0+2600+cefb5d4c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python3-lldb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.0.1-1.module_el8.4.0+2600+cefb5d4c"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "LLVM Toolset provides the LLVM compiler infrastructure framework, the Clang compiler for the C and C++ languages, the LLDB debugger, and related tools for code analysis.\n\nSecurity Fix(es):\n\n* Developer environment: Unicode\u0027s bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574)\n\nThe following changes were introduced in clang in order to facilitate detection of BiDi Unicode characters:\n\nclang-tidy now finds identifiers that contain Unicode characters with right-to-left direction, which can be confusing as they may change the understanding of a whole statement.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2021:4743",
"modified": "2021-11-21T06:08:08Z",
"published": "2021-11-18T16:29:15Z",
"references": [
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-42574"
}
],
"related": [
"CVE-2021-42574"
],
"summary": "Moderate: llvm-toolset:rhel8 security update"
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.