augeas-1.4.0-2.el7.1
エラータID: AXSA:2017-2340:01
Augeas is a configuration editing tool. It parses configuration files in their
native formats and transforms them into a tree. Configuration changes are made
by manipulating this tree and saving it back into native config files.
Security Fix(es):
* A vulnerability was discovered in augeas affecting the handling of escaped strings. An attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution. (CVE-2017-7555)
This issue was discovered by Han Han (Asianux).
CVE-2017-7555
Augeas versions up to and including 1.8.0 are vulnerable to heap-based
buffer overflow due to improper handling of escaped strings. Attacker
could send crafted strings that would cause the application using
augeas to copy past the end of a buffer, leading to a crash or
possible code execution.
Update packages.
Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution.
N/A
SRPMS
- augeas-1.4.0-2.el7.1.src.rpm
MD5: d037ccdc706554a9c41f6b067de27886
SHA-256: 9fd2bc6bd6619d7f475282d2feb59e9ec565471a62679335d526fbd7ce452e6e
Size: 1.98 MB
Asianux Server 7 for x86_64
- augeas-1.4.0-2.el7.1.x86_64.rpm
MD5: 8bf97355d9595b711aa142622d0f5016
SHA-256: 2a87ded6d5cfc899890d03ef1ea3117924c13828b92f7ad29c189d342de856cd
Size: 37.68 kB - augeas-libs-1.4.0-2.el7.1.x86_64.rpm
MD5: de6f125c413a6c4f413dd059bd8747a4
SHA-256: 0d1ea86451908c95448b3fcb3e2395afc6b763406fcd6a2928054ce4e11d7d95
Size: 353.84 kB - augeas-libs-1.4.0-2.el7.1.i686.rpm
MD5: a7e61f468cbe0e93cb3147ae47530adb
SHA-256: fb3e3ef365bc3ff2bc278f4524958d47a0eedc38288d3945933cf5385fee473d
Size: 351.25 kB