aide-0.16-15.el8_10.2

エラータID: AXSA:2025-10798:03

Release date: 
Monday, September 1, 2025 - 18:51
Subject: 
aide-0.16-15.el8_10.2
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

Advanced Intrusion Detection Environment (AIDE) is a utility that creates a database of files on the system, and then uses that database to ensure file integrity and detect system intrusions.

Security Fix(es):

* aide: improper output neutralization enables bypassing (CVE-2025-54389)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-54389
AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamper with the log output. A local user might exploit this to bypass the AIDE detection of malicious files. Additionally the output of extended attribute key names and symbolic links targets are also not properly neutralized. This issue has been patched in version 0.19.2. A workaround involves configuring AIDE to write the report output to a regular file, redirecting stdout to a regular file, or redirecting the log output written to stderr to a regular file.

Solution: 

Update packages.

CVEs: 
CVE-2025-54389
AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamper with the log output. A local user might exploit this to bypass the AIDE detection of malicious files. Additionally the output of extended attribute key names and symbolic links targets are also not properly neutralized. This issue has been patched in version 0.19.2. A workaround involves configuring AIDE to write the report output to a regular file, redirecting stdout to a regular file, or redirecting the log output written to stderr to a regular file.
Additional Info: 

N/A

Download: 

SRPMS
  1. aide-0.16-15.el8_10.2.src.rpm
    MD5: 8dfb566413e77afcde12e2b064830bea
    SHA-256: 344a63899fb0fc46cf1cb31caab1e909bac1a1eca82b2baec5e59806ce0b8f8b
    Size: 431.33 kB

Asianux Server 8 for x86_64
  1. aide-0.16-15.el8_10.2.x86_64.rpm
    MD5: a1adac96154ae49b4d66a2fa62822261
    SHA-256: ec2ed6c26e3bc6dc60a701fac1a0b00dd5e3bc32d23884d911d3d40e2316bf1f
    Size: 156.75 kB