glibc-2.17-260.el7
エラータID: AXSA:2019-3623:01
リリース日:
2019/02/15 Friday - 15:34
題名:
glibc-2.17-260.el7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- GNU C ライブラリのelf/dl-load.cには、特権(setuid あるいは AT_SECURE)
のあるプログラムの場合、$ORIGIN を含んだ RPATH と RUNPATH を不適切
に取り扱っており、ローカルユーザーが、カレントディレクトリからトロイの
木馬ライブラリを介して特権を得ることができる脆弱性があります。
(CVE-2017-16997)
- GNU C ライブラリの stdlib/canonicalize.c には、realpath 関数に
非常に長いパス名が引数として与えられた場合、32 ビット環境における整数
オーバーフローを介して、スタックベースのバッファオーバーフローを引き
起こす、あるいは任意のコードを実行する可能性のある脆弱性があります。
(CVE-2018-11236)
- GNU C ライブラリの AVX-512 最適化されている mempcpy 関数には、対象
バッファをこえてデータを書き込む可能性があり、バッファオーバーフロー
を引き起こす脆弱性があります。(CVE-2018-11237)
- memalign 関数群には、posix_memalign で整数オーバーフローをおこし、
小さすぎるヒープエリアへのポインタが返されるため、ヒープ破壊を引き起こす
可能性がある脆弱性があります。(CVE-2018-6485)
一部 CVE の翻訳文は JVN からの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2017-16997
elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.
elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.
CVE-2018-11236
stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.
stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.
CVE-2018-11237
An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.
An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.
CVE-2018-6485
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.
追加情報:
N/A
ダウンロード:
SRPMS
- glibc-2.17-260.el7.src.rpm
MD5: 420a0934b22da12918b35374d0b36b58
SHA-256: 5971939e6a6ad3250951496de917aac4a86a303a536870e45eb60385b40c0135
Size: 25.03 MB
Asianux Server 7 for x86_64
- glibc-2.17-260.el7.x86_64.rpm
MD5: 4c44d113e9cf697a01832eec17801884
SHA-256: 7a704fd984c96822a92cba6bdcc78a5002697f81af137899ac8a37eaabd5685c
Size: 3.63 MB - glibc-common-2.17-260.el7.x86_64.rpm
MD5: 6ae06c1021a47842234d52363dcc63a5
SHA-256: 830947d997c5761275c2cae8c84f21e28fa01b2b25fa5b80dd85c979bae90f32
Size: 11.49 MB - glibc-devel-2.17-260.el7.x86_64.rpm
MD5: 2bd6d31d3c7372d42c8e8310a93a3cf7
SHA-256: 76ab6c83c36fd13fcf84f3b605d2ae9338baf3b1616490148226ad4aa82bcc63
Size: 1.07 MB - glibc-headers-2.17-260.el7.x86_64.rpm
MD5: 23759a3ff624adea023f5c7c89b09909
SHA-256: bd4464b918b23cdd52890fa1bae6135a078aec621d9cae74c1995e4af499397b
Size: 682.09 kB - glibc-utils-2.17-260.el7.x86_64.rpm
MD5: 085318596f733885f914bf234fe8c9bf
SHA-256: 747cce0c189e121a540379e3e5d9f642f7e7aee7f1c1d252316a7c29f3a74bd3
Size: 220.97 kB - nscd-2.17-260.el7.x86_64.rpm
MD5: b962de7b5be4a543f63b04e5b9a22166
SHA-256: 40f4a76c2a6c1b14f3e226f33fc51cbba8a054772d461cdef38ce0c07bec029f
Size: 279.77 kB - glibc-2.17-260.el7.i686.rpm
MD5: 5adb2107162a4631b2d6ff057cf13852
SHA-256: 8efe2c449f52cf26cf4dfac868a15fd971100af2c8c77b16d983aa4f7f483f22
Size: 4.25 MB - glibc-devel-2.17-260.el7.i686.rpm
MD5: 40a20bb7e5420f4b12d088c69a2ebacb
SHA-256: 114e38bb9e44b8f3c25cb77df1814643a42b2b48f86427390fde5908fedcfab8
Size: 1.07 MB