advancecomp-1.15-21.el7
エラータID: AXSA:2019-4098:01
リリース日:
2019/08/19 Monday - 19:26
題名:
advancecomp-1.15-21.el7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
Low
Description:
以下項目について対処しました。
[Security Fix]
- AdvanceCOMPには、特別に細工されたバイナリファイルを送ることにより、
NULLポインタ参照をさせ、攻撃者にDoS攻撃(セグメンテーションフォルト)や他の
不明な攻撃を許すことにつながる可能性のある脆弱性があります。 (CVE-2019-8379)
- AdvanceCOMPには、特別に細工されたバイナリファイルを送ることにより、
不正なメモリアクセスをさせ、攻撃者にDoS攻撃(セグメンテーションフォルト)や他の
不明な攻撃を許すことにつながる可能性のある脆弱性があります。 (CVE-2019-8383)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2019-8379
An issue was discovered in AdvanceCOMP through 2.1. A NULL pointer dereference exists in the function be_uint32_read() located in endianrw.h. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file.
An issue was discovered in AdvanceCOMP through 2.1. A NULL pointer dereference exists in the function be_uint32_read() located in endianrw.h. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file.
CVE-2019-8383
An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in lib/png.c. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file.
An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in lib/png.c. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file.
追加情報:
N/A
ダウンロード:
SRPMS
- advancecomp-1.15-21.el7.src.rpm
MD5: 05d432013836aef075c59b427074f6de
SHA-256: 0df04fddadc2a34eff4bc6941f56a23ee50b25a87b8010c54931ef7500e11ca2
Size: 262.49 kB
Asianux Server 7 for x86_64
- advancecomp-1.15-21.el7.x86_64.rpm
MD5: 96a1f2b3d98ba3959b4019aff602686d
SHA-256: ab04177f3df252543a17a22cc1dfe7fc3c113989dee63376abef45837c716c88
Size: 172.86 kB