
37 matches found

RedHat Linux
added 2021/11/10 9:48 a.m. | 0 views

environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks

A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The...

8.3 CVSS | 7.3 AI score | 0.24988 EPSS
Exploits 4 | References 9

RedHat Linux
added 2021/11/10 9:20 a.m. | 5 views

environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks

A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The...

8.3 CVSS | 7.3 AI score | 0.24988 EPSS
Exploits 4 | References 9

RedHat Linux
added 2021/11/10 9:15 a.m. | 52 views

Moderate: Red Hat Security Advisory: gcc-toolset-10-annobin security update

An update for gcc-toolset-10-annobin is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

8.3 CVSS | 7 AI score | 0.24988 EPSS
Exploits 4 | References 3

RedHat Linux
added 2021/11/10 9:7 a.m. | 2 views

environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks

A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The...

8.3 CVSS | 7.3 AI score | 0.24988 EPSS
Exploits 4 | References 9

AlmaLinux
added 2021/11/10 8:39 a.m. | 46 views

Moderate: annobin security update

Annobin provides a compiler plugin to annotate and tools to examine compiled binary files. Security Fixes: Developer environment: Unicode's bidirectional BiDi override characters can cause trojan source attacks CVE-2021-42574 The following changes were introduced in annobin in order to facilitate...

8.3 CVSS | 8.7 AI score | 0.24988 EPSS
Exploits 4 | References 1

OSV
added 2021/11/10 8:39 a.m. | 19 views

ALSA-2021:4592 Moderate: gcc-toolset-10-annobin security update

Annobin provides a compiler plugin to annotate and tools to examine compiled binary files. Security Fixes: Developer environment: Unicode's bidirectional BiDi override characters can cause trojan source attacks CVE-2021-42574 The following changes were introduced in annobin in order to facilitate...

8.3 CVSS | 8 AI score | 0.24988 EPSS
Exploits 4 | References 1

OSV
added 2021/11/10 8:39 a.m. | 14 views

RLSA-2021:4592 Moderate: gcc-toolset-10-annobin security update

Annobin provides a compiler plugin to annotate and tools to examine compiled binary files. Security Fixes: Developer environment: Unicode's bidirectional BiDi override characters can cause trojan source attacks CVE-2021-42574 The following changes were introduced in annobin in order to facilitate...

8.5 CVSS | 8 AI score | 0.24988 EPSS
Exploits 4 | References 2

OSV
added 2021/11/10 8:34 a.m. | 15 views

RLSA-2021:4587 Moderate: gcc security update

The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as related support libraries. Security Fixes: Developer environment: Unicode's bidirectional BiDi override characters can cause trojan source attacks CVE-2021-42574 The following changes were...

8.5 CVSS | 8.1 AI score | 0.24988 EPSS
Exploits 4 | References 2

AlmaLinux
added 2021/11/10 8:31 a.m. | 53 views

Moderate: gcc-toolset-10-gcc security update

The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as related support libraries. Security Fixes: Developer environment: Unicode's bidirectional BiDi override characters can cause trojan source attacks CVE-2021-42574 The following changes were...

8.3 CVSS | 8.7 AI score | 0.24988 EPSS
Exploits 4 | References 2

Tenable Nessus
added 2021/11/03 12:0 a.m. | 50 views

RHEL 7 : binutils (RHSA-2021:4037)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:4037 advisory. The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar...

8.3 CVSS | 7.7 AI score | 0.24988 EPSS
Exploits 4 | References 6

Tenable Nessus
added 2021/11/02 12:0 a.m. | 48 views

Scientific Linux Security Update : binutils on SL7.x i686/x86_64 (2021:4033)

The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2021:4033-1 advisory. - Developer environment: Unicode's bidirectional BiDi override characters can cause trojan source attacks CVE-2021-42574 Note that Nessus has not tested f...

8.3 CVSS | 7.5 AI score | 0.24988 EPSS
Exploits 4 | References 2

Tenable Nessus
added 2021/11/02 12:0 a.m. | 51 views

RHEL 7 : binutils (RHSA-2021:4034)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:4034 advisory. The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar...

8.3 CVSS | 7.7 AI score | 0.24988 EPSS
Exploits 4 | References 6

ThreatPost
added 2021/11/01 4:28 p.m. | 112 views

‘Trojan Source’ Hides Invisible Bugs in Source Code

Researchers have found a new way to encode potentially evil source code, such that human reviewers see a harmless version and compilers see the invisible, wicked version. Named “Trojan Source attacks,” the method “exploits subtleties in text-encoding standards such as Unicode to produce source co...

8.3 CVSS | 8.8 AI score | 0.24988 EPSS
Exploits 5 | References 15

The Hacker News
added 2021/11/01 11:25 a.m. | 104 views

New 'Trojan Source' Technique Lets Hackers Hide Vulnerabilities in Source Code

A novel class of vulnerabilities could be leveraged by threat actors to inject visually deceptive malware in a way that's semantically permissible but alters the logic defined by the source code, effectively opening the door to more first-party and supply chain risks. Dubbed "Trojan Source...

8.3 CVSS | 0.6 AI score | 0.24988 EPSS
Exploits 5

RedHat Linux
added 2021/11/01 8:9 a.m. | 4 views

environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks

A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The...

8.3 CVSS | 7.3 AI score | 0.24988 EPSS
Exploits 4 | References 9

Tenable Nessus
added 2021/11/01 12:0 a.m. | 57 views

RHEL 7 : binutils (RHSA-2021:4033)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:4033 advisory. The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar...

8.3 CVSS | 7.7 AI score | 0.24988 EPSS
Exploits 4 | References 6

ThreatPost
added 2020/12/18 9:26 p.m. | 45 views

Cloud is King: 9 Software Security Trends to Watch in 2021

IT security professionals have largely spent the year managing a once-in-a-generation workforce shift from office to home in 2020. With the initial push over, experts predict that 2021 will be focused on shoring up the cloud and re-imagining organizational workflows under this new normal. Softwar...

7.8 AI score
Exploits 0 | References 7