openwsman-2.6.3-7.git4391e5c.el7

エラータID: AXSA:2020-623:01

Release date: 
Wednesday, October 7, 2020 - 23:43
Subject: 
openwsman-2.6.3-7.git4391e5c.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

Openwsman is a project intended to provide an open source implementation of the Web Services Management specification (WS-Management) and to expose system management information on the Linux operating system using the WS-Management protocol. WS-Management is based on a suite of web services specifications and usage requirements that cover all system management aspects.

Security Fix(es):

openwsman: Infinite loop in process_connection() allows denial of service (CVE-2019-3833)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7 Release Notes linked from the References section.

CVE-2019-3833
Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP request to cause denial of service to openwsman server.

Solution: 

Update packages.

CVEs: 
CVE-2019-3833
Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP request to cause denial of service to openwsman server.
Additional Info: 

N/A

Download: 

SRPMS
  1. openwsman-2.6.3-7.git4391e5c.el7.src.rpm
    MD5: b50eb55bd8c4c3d0bad4faca748aba14
    SHA-256: d712b7b9d115cb96534683127a468eb7e5e986bd6ce3b6611c2779a36b9798f6
    Size: 893.54 kB

Asianux Server 7 for x86_64
  1. libwsman1-2.6.3-7.git4391e5c.el7.x86_64.rpm
    MD5: 5b7b310658fa3c55b55776e8102700c7
    SHA-256: 387a1d0b3d7665ccf48ac5c5e56933f041448b85a9688ddfa01935c62f349b07
    Size: 138.38 kB
  2. openwsman-client-2.6.3-7.git4391e5c.el7.x86_64.rpm
    MD5: 75b344668c843739cf8a1c70c1147e11
    SHA-256: ed78842c9b9719c147f9e13fe6bffce4776ed6ce32f7c521fa05eab8a752c041
    Size: 40.71 kB
  3. openwsman-python-2.6.3-7.git4391e5c.el7.x86_64.rpm
    MD5: 49878ed3d99e144a257e2067a8e98cf1
    SHA-256: 50488a08022cba4ce223a8947a7be5d8c31e1f2a03e9c5c41d36a883ac87bed4
    Size: 109.12 kB
  4. openwsman-server-2.6.3-7.git4391e5c.el7.x86_64.rpm
    MD5: 0728d5632d59867b9ad5aac05d045af3
    SHA-256: debaf47a3a1ee102b8de495f587cf317128307a74f4eceba9129260d1308c58a
    Size: 163.88 kB
  5. libwsman1-2.6.3-7.git4391e5c.el7.i686.rpm
    MD5: 2d21cc6a1ba0fa120e0e600dc7c333a8
    SHA-256: ea0205014f317908cf7c8e97b5246b068dff44945b00dc22ab823842f415c7a9
    Size: 141.14 kB
  6. openwsman-client-2.6.3-7.git4391e5c.el7.i686.rpm
    MD5: 01c7e34a513f8fa58a939fa4b33b4461
    SHA-256: 13a9fd3102cd2a7e5ef5df81f00b67063287c6435fbb6ee18c4b51dd83f6e77a
    Size: 41.21 kB
  7. openwsman-server-2.6.3-7.git4391e5c.el7.i686.rpm
    MD5: b9dae3117c3633f94558471b16a03233
    SHA-256: 95e36e45b7d7217e94d10f9abfb7364f0d14ee46cfd57468ca83a1ed4bce7550
    Size: 159.98 kB