ipmitool-1.8.18-9.el7

エラータID: AXSA:2020-4530:01

Release date: 
Thursday, March 26, 2020 - 20:42
Subject: 
ipmitool-1.8.18-9.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

The ipmitool packages contain a command-line utility for interfacing with devices that support the Intelligent Platform Management Interface (IPMI) specification. IPMI is an open standard for machine health, inventory, and remote power control.

Security Fix(es):

* ipmitool: Buffer overflow in read_fru_area_section function in lib/ipmi_fru.c (CVE-2020-5208)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-5208
It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19.

Solution: 

Update packages.

CVEs: 
CVE-2020-5208
It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19.
Additional Info: 

N/A

Download: 

SRPMS
  1. ipmitool-1.8.18-9.el7.src.rpm
    MD5: 60ffb19dc64b61027dfe938080af513d
    SHA-256: d1fda874b55c482fe0afc836fb0f39af7ff2bd50d775fcf02656ef82ff0a6080
    Size: 807.66 kB

Asianux Server 7 for x86_64
  1. ipmitool-1.8.18-9.el7.x86_64.rpm
    MD5: fba724ddd04506487836e7307e749bc9
    SHA-256: b6fe4e7f493b92ff8d4de73d0c69d523a36d612a96271901fa6abc0714bf695f
    Size: 440.90 kB