libsolv-0.6.34-4.el7

エラータID: AXSA:2019-4081:02

Release date: 
Monday, August 19, 2019 - 18:30
Subject: 
libsolv-0.6.34-4.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Low
Description: 

The libsolv packages provide a library for resolving package dependencies using a satisfiability algorithm.

Security Fix(es):

* libsolv: NULL pointer dereference in function testcase_read (CVE-2018-20532)

* libsolv: NULL pointer dereference in function testcase_str2dep_complex (CVE-2018-20533)

* libsolv: illegal address access in pool_whatprovides in src/pool.h (CVE-2018-20534)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2018-20532
There is a NULL pointer dereference at ext/testcase.c (function testcase_read) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service.
CVE-2018-20533
There is a NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service.
CVE-2018-20534
** DISPUTED ** There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. It cannot be exploited in any real-world application.

Solution: 

Update packages.

CVEs: 
CVE-2018-20532
There is a NULL pointer dereference at ext/testcase.c (function testcase_read) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service.
CVE-2018-20533
There is a NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service.
CVE-2018-20534
** DISPUTED ** There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. It cannot be exploited in any real-world application.
Additional Info: 

N/A

Download: 

SRPMS
  1. libsolv-0.6.34-4.el7.src.rpm
    MD5: 98f3c24a8d13b4bc010bc17ff2ff9b52
    SHA-256: 4f96799b35e2f36136b90493a8f389622f843b1226bf0f5b036b56c8a6a07a07
    Size: 632.80 kB

Asianux Server 7 for x86_64
  1. libsolv-0.6.34-4.el7.x86_64.rpm
    MD5: 2e254e7d1d4de8f2e3fcef77a302d5f3
    SHA-256: 8f218216555c2ed8cec44b564ca774a6030524e4c06a4df4ddfee8b46c75dbb4
    Size: 327.93 kB
  2. libsolv-devel-0.6.34-4.el7.x86_64.rpm
    MD5: c8d61b6ef26a0adedfc2f718e8cb0631
    SHA-256: 89d53f0512bea2b8e7d3427fa1eb42559d7f7b5c9c105147454987907360506b
    Size: 92.36 kB
  3. libsolv-tools-0.6.34-4.el7.x86_64.rpm
    MD5: 0af76b75a82a5869ce736a70c50e64c2
    SHA-256: 0a268a525477a99da130e369ce6f31205b45ec5afe841836b8c40252b288b473
    Size: 57.71 kB
  4. libsolv-0.6.34-4.el7.i686.rpm
    MD5: d649fd3a501e359def1adc8ba1e2bccd
    SHA-256: b040e8dd22e5ade1bca197a905f97ae89ae73e02551dd7dd9157823de3c7b356
    Size: 318.63 kB
  5. libsolv-devel-0.6.34-4.el7.i686.rpm
    MD5: 976feac0f4d663dbad90df1b0b4277bb
    SHA-256: bc1c332403d7ea744131a6ff4ef58cf8aea879a8a05b484dfcd09b47845ddf0a
    Size: 92.38 kB
  6. libsolv-tools-0.6.34-4.el7.i686.rpm
    MD5: eb1f288d34b2cfed399f68ea82e0cc7b
    SHA-256: 0067e8032d69318f36327b940f632d5c22204b73fa6d1a74e0cf1aa826b96b59
    Size: 56.23 kB