brotli-1.0.6-3.el8

Errata ID: AXSA:2021-1864:02

Release date: Wednesday, November 17, 2021 - 13:16
Subject: brotli-1.0.6-3.el8
Affected Channels: Asianux Server 8 for x86_64
Severity: Moderate
Description: 

Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It is similar in speed to deflate but offers denser compression.

Security Fix(es):

* brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-8927
A buffer overflow exists in Brotli library versions prior to 1.0.8: an attacker who controls the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying chunks of data larger than 2 GiB. Updating the Brotli library to 1.0.8 or later is recommended. If you cannot update, we recommend using the "streaming" API instead of the "one-shot" API and imposing chunk size limits.
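
The workaround described above (streaming API plus a chunk size limit), shown with the Decompressor class of the python3-brotli binding. This is an added example, not code from the advisory or from the Brotli project; the function name, the 1 MiB chunk size and the 256 MiB output cap are assumptions to adapt to the application.

```python
MAX_INPUT_CHUNK = 1 << 20      # assumed: 1 MiB per call, far below the 2 GiB boundary
MAX_OUTPUT_BYTES = 256 << 20   # assumed: application limit on decompressed size


class DecompressionLimitError(ValueError):
    """Raised when the stream is truncated or exceeds the configured limits."""


def _default_decoder():
    # Imported lazily so the chunking logic can be exercised with a stand-in
    # decoder on hosts where the brotli binding is not installed.
    import brotli
    return brotli.Decompressor()


def bounded_brotli_decompress(stream, decoder=None,
                              max_chunk=MAX_INPUT_CHUNK,
                              max_output=MAX_OUTPUT_BYTES):
    """Decompress a binary file-like object through the streaming API.

    No single call into the decoder receives more than max_chunk bytes, and
    decoding stops as soon as the accumulated output exceeds max_output.
    """
    if not 0 < max_chunk < (1 << 31):
        raise ValueError("max_chunk must be positive and below 2 GiB")
    if decoder is None:
        decoder = _default_decoder()

    out = bytearray()
    while True:
        # read(n) returns at most n bytes, so the attacker-supplied total
        # length never reaches the decoder as one oversized chunk.
        chunk = stream.read(max_chunk)
        if not chunk:
            break
        out += decoder.process(chunk)
        if len(out) > max_output:
            raise DecompressionLimitError("decompressed size exceeds limit")

    # A well-formed stream must have reached its final block by end of input.
    if not decoder.is_finished():
        raise DecompressionLimitError("truncated or incomplete brotli stream")
    return bytes(out)
```

The output cap is checked after each chunk, so memory use between checks is bounded by how far one `max_chunk`-sized input can expand; a smaller chunk size tightens that bound.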

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. brotli-1.0.6-3.el8.src.rpm
    MD5: d741e6944fac4e469f6b42618482dd5d
    SHA-256: a5fb4061120cc01e6b05906a88d72db9c514aa687171ce90929850de0a2d6907
    Size: 22.73 MB

Asianux Server 8 for x86_64
  1. brotli-1.0.6-3.el8.x86_64.rpm
    MD5: 46870527ba04697857b2b1a8360ff8ff
    SHA-256: 14d38297f7936ab3bde3b203abcd3d77889d9f0db47a96bee297951da64ad98c
    Size: 322.18 kB
  2. brotli-devel-1.0.6-3.el8.x86_64.rpm
    MD5: 1eb91b0b521102c34e7ffe68d8b45f77
    SHA-256: d29559a29c6047197544a19aac61779d9170d8c3817b0085fb27cad5738d647f
    Size: 30.11 kB
  3. python3-brotli-1.0.6-3.el8.x86_64.rpm
    MD5: fbd136341e969a862a789b58de7d642c
    SHA-256: 0df2d97a4943f93481107a965fea0d2b8d52a76bfbbdb06a465e04a8e7187a5f
    Size: 306.60 kB
  4. brotli-1.0.6-3.el8.i686.rpm
    MD5: 42d24a0d6b05826b0d7aa2f81889d6b9
    SHA-256: eaf584a07e9b92405eb7b5e67f0163b83daae3721a8f00ff725175a420731563
    Size: 321.45 kB
  5. brotli-devel-1.0.6-3.el8.i686.rpm
    MD5: 3fd5a5a9d3ddd2c0d62b7601722f5c17
    SHA-256: 85deb4764e3af15f9ca5c2cfd4532bd17100853912760a1a5e818ce3db4a2f08
    Size: 30.11 kB