ALAS2-2022-1784

Amazon Linux 2 Security Advisory: ALAS-2022-1784
Advisory Release Date: 2022-04-25 22:57 Pacific
Advisory Updated Date: 2022-04-27 16:35 Pacific
Severity: Medium
Issue Overview:

A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The special handling and rendering of those characters can be then used in an attempt to hide unexpected and potentially dangerous behaviour from the reviewer. (CVE-2021-42574)


Affected Packages:

gcc10, gcc


Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.


Issue Correction:
Run yum update gcc10 to update your system.
Run yum update gcc to update your system.

New Packages:
aarch64:
    gcc-7.3.1-14.amzn2.aarch64
    libgcc-7.3.1-14.amzn2.aarch64
    gcc-c++-7.3.1-14.amzn2.aarch64
    libstdc++-7.3.1-14.amzn2.aarch64
    libstdc++-docs-7.3.1-14.amzn2.aarch64
    gcc-objc-7.3.1-14.amzn2.aarch64
    gcc-objc++-7.3.1-14.amzn2.aarch64
    libobjc-7.3.1-14.amzn2.aarch64
    gcc-gfortran-7.3.1-14.amzn2.aarch64
    libgfortran-7.3.1-14.amzn2.aarch64
    libgomp-7.3.1-14.amzn2.aarch64
    gcc-gdb-plugin-7.3.1-14.amzn2.aarch64
    libgccjit-7.3.1-14.amzn2.aarch64
    libgccjit-devel-7.3.1-14.amzn2.aarch64
    libitm-7.3.1-14.amzn2.aarch64
    libatomic-7.3.1-14.amzn2.aarch64
    libsanitizer-7.3.1-14.amzn2.aarch64
    cpp-7.3.1-14.amzn2.aarch64
    gcc-gnat-7.3.1-14.amzn2.aarch64
    libgnat-7.3.1-14.amzn2.aarch64
    gcc-go-7.3.1-14.amzn2.aarch64
    libgo-7.3.1-14.amzn2.aarch64
    gcc-plugin-devel-7.3.1-14.amzn2.aarch64
    gcc-debuginfo-7.3.1-14.amzn2.aarch64
    gcc-base-debuginfo-7.3.1-14.amzn2.aarch64
    gcc10-10.3.1-1.amzn2.0.2.aarch64
    gcc10-c++-10.3.1-1.amzn2.0.2.aarch64
    libstdc++10-devel-10.3.1-1.amzn2.0.2.aarch64
    libstdc++10-docs-10.3.1-1.amzn2.0.2.aarch64
    gcc10-gdb-plugin-10.3.1-1.amzn2.0.2.aarch64
    libitm10-devel-10.3.1-1.amzn2.0.2.aarch64
    libatomic10-devel-10.3.1-1.amzn2.0.2.aarch64
    libasan10-10.3.1-1.amzn2.0.2.aarch64
    libasan10-devel-10.3.1-1.amzn2.0.2.aarch64
    cpp10-10.3.1-1.amzn2.0.2.aarch64
    gcc10-plugin-devel-10.3.1-1.amzn2.0.2.aarch64
    gcc10-debuginfo-10.3.1-1.amzn2.0.2.aarch64

i686:
    gcc-7.3.1-14.amzn2.i686
    libgcc-7.3.1-14.amzn2.i686
    gcc-c++-7.3.1-14.amzn2.i686
    libstdc++-7.3.1-14.amzn2.i686
    libstdc++-docs-7.3.1-14.amzn2.i686
    gcc-objc-7.3.1-14.amzn2.i686
    gcc-objc++-7.3.1-14.amzn2.i686
    libobjc-7.3.1-14.amzn2.i686
    gcc-gfortran-7.3.1-14.amzn2.i686
    libgfortran-7.3.1-14.amzn2.i686
    libgomp-7.3.1-14.amzn2.i686
    gcc-gdb-plugin-7.3.1-14.amzn2.i686
    libgccjit-7.3.1-14.amzn2.i686
    libgccjit-devel-7.3.1-14.amzn2.i686
    libquadmath-7.3.1-14.amzn2.i686
    libitm-7.3.1-14.amzn2.i686
    libatomic-7.3.1-14.amzn2.i686
    libsanitizer-7.3.1-14.amzn2.i686
    libcilkrts-7.3.1-14.amzn2.i686
    libmpx-7.3.1-14.amzn2.i686
    cpp-7.3.1-14.amzn2.i686
    gcc-gnat-7.3.1-14.amzn2.i686
    libgnat-7.3.1-14.amzn2.i686
    gcc-go-7.3.1-14.amzn2.i686
    libgo-7.3.1-14.amzn2.i686
    gcc-plugin-devel-7.3.1-14.amzn2.i686
    gcc-debuginfo-7.3.1-14.amzn2.i686
    gcc-base-debuginfo-7.3.1-14.amzn2.i686
    gcc10-10.3.1-1.amzn2.0.2.i686
    gcc10-c++-10.3.1-1.amzn2.0.2.i686
    libstdc++10-devel-10.3.1-1.amzn2.0.2.i686
    libstdc++10-docs-10.3.1-1.amzn2.0.2.i686
    gcc10-gdb-plugin-10.3.1-1.amzn2.0.2.i686
    libquadmath10-devel-10.3.1-1.amzn2.0.2.i686
    libitm10-devel-10.3.1-1.amzn2.0.2.i686
    libatomic10-devel-10.3.1-1.amzn2.0.2.i686
    libasan10-10.3.1-1.amzn2.0.2.i686
    libasan10-devel-10.3.1-1.amzn2.0.2.i686
    cpp10-10.3.1-1.amzn2.0.2.i686
    gcc10-plugin-devel-10.3.1-1.amzn2.0.2.i686
    gcc10-debuginfo-10.3.1-1.amzn2.0.2.i686

src:
    gcc-7.3.1-14.amzn2.src
    gcc10-10.3.1-1.amzn2.0.2.src

x86_64:
    gcc-7.3.1-14.amzn2.x86_64
    libgcc-7.3.1-14.amzn2.x86_64
    gcc-c++-7.3.1-14.amzn2.x86_64
    libstdc++-7.3.1-14.amzn2.x86_64
    libstdc++-docs-7.3.1-14.amzn2.x86_64
    gcc-objc-7.3.1-14.amzn2.x86_64
    gcc-objc++-7.3.1-14.amzn2.x86_64
    libobjc-7.3.1-14.amzn2.x86_64
    gcc-gfortran-7.3.1-14.amzn2.x86_64
    libgfortran-7.3.1-14.amzn2.x86_64
    libgomp-7.3.1-14.amzn2.x86_64
    gcc-gdb-plugin-7.3.1-14.amzn2.x86_64
    libgccjit-7.3.1-14.amzn2.x86_64
    libgccjit-devel-7.3.1-14.amzn2.x86_64
    libquadmath-7.3.1-14.amzn2.x86_64
    libitm-7.3.1-14.amzn2.x86_64
    libatomic-7.3.1-14.amzn2.x86_64
    libsanitizer-7.3.1-14.amzn2.x86_64
    libcilkrts-7.3.1-14.amzn2.x86_64
    libmpx-7.3.1-14.amzn2.x86_64
    cpp-7.3.1-14.amzn2.x86_64
    gcc-gnat-7.3.1-14.amzn2.x86_64
    libgnat-7.3.1-14.amzn2.x86_64
    gcc-go-7.3.1-14.amzn2.x86_64
    libgo-7.3.1-14.amzn2.x86_64
    gcc-plugin-devel-7.3.1-14.amzn2.x86_64
    gcc-debuginfo-7.3.1-14.amzn2.x86_64
    gcc-base-debuginfo-7.3.1-14.amzn2.x86_64
    gcc10-10.3.1-1.amzn2.0.2.x86_64
    gcc10-c++-10.3.1-1.amzn2.0.2.x86_64
    libstdc++10-devel-10.3.1-1.amzn2.0.2.x86_64
    libstdc++10-docs-10.3.1-1.amzn2.0.2.x86_64
    gcc10-gdb-plugin-10.3.1-1.amzn2.0.2.x86_64
    libquadmath10-devel-10.3.1-1.amzn2.0.2.x86_64
    libitm10-devel-10.3.1-1.amzn2.0.2.x86_64
    libatomic10-devel-10.3.1-1.amzn2.0.2.x86_64
    libasan10-10.3.1-1.amzn2.0.2.x86_64
    libasan10-devel-10.3.1-1.amzn2.0.2.x86_64
    cpp10-10.3.1-1.amzn2.0.2.x86_64
    gcc10-plugin-devel-10.3.1-1.amzn2.0.2.x86_64
    gcc10-debuginfo-10.3.1-1.amzn2.0.2.x86_64

Additional References

Red Hat: CVE-2021-42574

Mitre: CVE-2021-42574