82 matches found
MiracleLinux 8 : llvm-toolset:rhel8 (AXSA:2022-2984:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-2984:01 advisory. Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574). The following changes were introduced ...
MiracleLinux 8 : annobin-9.72-1.el8.2 (AXSA:2022-2958:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-2958:01 advisory. Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574). The following changes were introduced ...
MiracleLinux 8 : gcc-toolset-11-annobin-9.85-1.el8.1, gcc-toolset-11-binutils-2.36.1-1.el8.1, gcc-toolset-11-gcc-11.2.1-1.2.el8 (AXSA:2021-2882:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2882:01 advisory. Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574). The following changes were introduced ...
MiracleLinux 7 : binutils-2.27-44.base.el7.1 (AXSA:2021-2508:04)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2508:04 advisory. Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574). The following changes were introduced ...
MiracleLinux 8 : gcc-8.5.0-4.el8 (AXSA:2022-2957:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-2957:01 advisory. Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574). The following changes were introduced ...
MiracleLinux 8 : binutils-2.30-108.el8.1 (AXSA:2022-2955:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-2955:01 advisory. Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574). The following changes were introduced ...
MiracleLinux 8 : gcc-toolset-10-annobin-9.29-1.el8.2, gcc-toolset-10-gcc-10.3.1-1.2.el8 (AXSA:2021-2881:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2881:01 advisory. Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574). The following changes were introduced ...
MiracleLinux 8 : gcc-toolset-10-binutils-2.35-8.el8.6 (AXSA:2021-2879:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2879:01 advisory. Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574). The following changes were introduced ...
RHEL 8 : gcc (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - Developer environment: Homoglyph characters can lead to trojan source attack (CVE-2021-42694) - The...
RHEL 8 : developer_environment (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - Developer environment: Homoglyph characters can lead to trojan source attack (CVE-2021-42694) - An issue wa...
Malicious Python Package Uses Unicode Trickery to Evade Detection and Steal Data
A malicious Python package on the Python Package Index (PyPI) repository has been found to use Unicode as a trick to evade detection and deploy an info-stealing malware. The package in question, named onyxproxy, was uploaded to PyPI on March 15, 2023, and comes with capabilities to harvest and...
CLSA-2022-1646060667 Fix of CVE: CVE-2021-42574, CVE-2018-20673
CVE-2021-42574: Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks 2008391 - CVE-2018-20673: libiberty: Integer overflow in demangle_template function 1668394...
CLSA-2022-1645466518 Fix of CVE: CVE-2021-20284, CVE-2021-20197, CVE-2021-42574, CVE-2021-3487, CVE-2020-35448
CVE-2021-42574: Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks 2009172 - CVE-2021-20284: Heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c 1961526 - CVE-2020-35448: Heap-based buffer overflow in bfd_getl_signed_32 in...
TrojanSourceFinder - Help Find Trojan Source Vulnerability In Code
TrojanSourceFinder helps developers detect the "Trojan Source" vulnerability in source code. The Trojan Source vulnerability allows an attacker to make malicious code appear innocent. In general, the attacker tries to deceive the reader by making the code visually pass as a comment. It is a serious threat because it...
llvm-toolset:ol8 security update
clang 12.0.1-4.0.1 - Use all available CPU cores for build - Recognize Oracle Linux distros OraBug: 29422714 12.0.1-4 - Trojan source clang-tidy patchset fix 12.0.1-3 - Trojan source clang-tidy patchset...
RHEL 7 : devtoolset-11-binutils (RHSA-2021:4730)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:4730 advisory. The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar...
Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks
A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well-placed BiDi characters. The...
RLSA-2021:4743 Moderate: llvm-toolset:rhel8 security update
LLVM Toolset provides the LLVM compiler infrastructure framework, the Clang compiler for the C and C++ languages, the LLDB debugger, and related tools for code analysis. Security Fixes: Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks...
ALSA-2021:4743 Moderate: llvm-toolset:rhel8 security update
LLVM Toolset provides the LLVM compiler infrastructure framework, the Clang compiler for the C and C++ languages, the LLDB debugger, and related tools for code analysis. Security Fixes: Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks...