libsolv-0.6.34-4.el7
エラータID: AXSA:2019-4081:02
リリース日:
2019/08/19 Monday - 18:30
題名:
libsolv-0.6.34-4.el7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
Low
Description:
以下項目について対処しました。
[Security Fix]
- libsolvにはNULLポインタ参照により、DoS攻撃が可能な脆弱性があります。
(CVE-2018-20532)
- libsolvにはNULLポインタ参照により、DoS攻撃が可能な脆弱性があります。
(CVE-2018-20533)
- libsolvにはアドレス違反アクセスにより、DoS攻撃が可能な脆弱性があります。
(CVE-2018-20534)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2018-20532
There is a NULL pointer dereference at ext/testcase.c (function testcase_read) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service.
There is a NULL pointer dereference at ext/testcase.c (function testcase_read) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service.
CVE-2018-20533
There is a NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service.
There is a NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service.
CVE-2018-20534
** DISPUTED ** There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. It cannot be exploited in any real-world application.
** DISPUTED ** There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. It cannot be exploited in any real-world application.
追加情報:
N/A
ダウンロード:
SRPMS
- libsolv-0.6.34-4.el7.src.rpm
MD5: 98f3c24a8d13b4bc010bc17ff2ff9b52
SHA-256: 4f96799b35e2f36136b90493a8f389622f843b1226bf0f5b036b56c8a6a07a07
Size: 632.80 kB
Asianux Server 7 for x86_64
- libsolv-0.6.34-4.el7.x86_64.rpm
MD5: 2e254e7d1d4de8f2e3fcef77a302d5f3
SHA-256: 8f218216555c2ed8cec44b564ca774a6030524e4c06a4df4ddfee8b46c75dbb4
Size: 327.93 kB - libsolv-devel-0.6.34-4.el7.x86_64.rpm
MD5: c8d61b6ef26a0adedfc2f718e8cb0631
SHA-256: 89d53f0512bea2b8e7d3427fa1eb42559d7f7b5c9c105147454987907360506b
Size: 92.36 kB - libsolv-tools-0.6.34-4.el7.x86_64.rpm
MD5: 0af76b75a82a5869ce736a70c50e64c2
SHA-256: 0a268a525477a99da130e369ce6f31205b45ec5afe841836b8c40252b288b473
Size: 57.71 kB - libsolv-0.6.34-4.el7.i686.rpm
MD5: d649fd3a501e359def1adc8ba1e2bccd
SHA-256: b040e8dd22e5ade1bca197a905f97ae89ae73e02551dd7dd9157823de3c7b356
Size: 318.63 kB - libsolv-devel-0.6.34-4.el7.i686.rpm
MD5: 976feac0f4d663dbad90df1b0b4277bb
SHA-256: bc1c332403d7ea744131a6ff4ef58cf8aea879a8a05b484dfcd09b47845ddf0a
Size: 92.38 kB - libsolv-tools-0.6.34-4.el7.i686.rpm
MD5: eb1f288d34b2cfed399f68ea82e0cc7b
SHA-256: 0067e8032d69318f36327b940f632d5c22204b73fa6d1a74e0cf1aa826b96b59
Size: 56.23 kB