libgovirt-0.3.4-3.el7, spice-gtk-0.35-4.el7, spice-vdagent-0.14.0-18.el7, virt-viewer-5.0-15.el7
エラータID: AXSA:2019-4267:01
リリース日:
2019/09/12 Thursday - 10:08
題名:
libgovirt-0.3.4-3.el7, spice-gtk-0.35-4.el7, spice-vdagent-0.14.0-18.el7, virt-viewer-5.0-15.el7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- spice-client には LZ 圧縮されたフレームの処理に複数の整数バッファオー
バーフローとバッファオーバーフローの問題があり、不正なサーバがクライア
ントをクラッシュさせる、あるいは任意のコードを実行させる可能性のある
脆弱性があります。(CVE-2018-10893)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2018-10893
Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.
Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.
追加情報:
N/A
ダウンロード:
SRPMS
- libgovirt-0.3.4-3.el7.src.rpm
MD5: 38684633a5144b2055081dc0d274c8f0
SHA-256: 536e555aa1580ef6a04ef0b3230568c7317eccb25741455b619fc10687a42f0f
Size: 353.86 kB - spice-gtk-0.35-4.el7.src.rpm
MD5: f40c97d91f15fa19b4b86ec9c1b51cff
SHA-256: 29fe21d1065eb3470b8def5ec9274ebb22f05132168aa5e34e7ddf6d5f683585
Size: 1.40 MB - spice-vdagent-0.14.0-18.el7.src.rpm
MD5: 91b9ae4d6f8a90bc88567e29cc962f7d
SHA-256: 33c47475bf46074e485051e5d1ec8290e95190dfa7160b2143a27ca2a3157254
Size: 168.49 kB - virt-viewer-5.0-15.el7.src.rpm
MD5: 532b48adb7424881d0cbc91b4013e817
SHA-256: 9ca53755582c0d9951f8d022f7353723d2cf69dfee35045a763f19f515b79005
Size: 1.01 MB
Asianux Server 7 for x86_64
- libgovirt-0.3.4-3.el7.x86_64.rpm
MD5: 109fbf9e7662c5f4f9469181e4596aa3
SHA-256: 311048b297f3e9f32e503545a05f204a4449a26b03d7f3c2531d4af59bb12291
Size: 73.40 kB - libgovirt-0.3.4-3.el7.i686.rpm
MD5: 2ba7a7d0c931e55911f90f31e60a54f6
SHA-256: c06d7998f63ade1f7b4670d0a822d6f6e1a048fa55f92fdcb571f54e1c8cbbcc
Size: 72.66 kB - spice-glib-0.35-4.el7.x86_64.rpm
MD5: 8c1999ae7d8f3192d2e1c1cbd78b477b
SHA-256: b6b47b28047d1ea3ce07501a00bcb6cebe2e3a7b8a25c360ee5b8c6a86465c2c
Size: 355.13 kB - spice-gtk3-0.35-4.el7.x86_64.rpm
MD5: 1c3c82d044308a93323503a462f3bb97
SHA-256: 5251d693f1baeee64dbcf20a92d48ecd9c91e929714401e3ebbbbfff9327c232
Size: 86.28 kB - spice-glib-0.35-4.el7.i686.rpm
MD5: 3d7b7acfcd04f013b875928e71d92d11
SHA-256: 5804277453002daa06eb336f6baf6b90cf688aac42a759108952672bb5ca2034
Size: 354.36 kB - spice-gtk3-0.35-4.el7.i686.rpm
MD5: c5595ca0ab44edda7811bb96aad2f2ff
SHA-256: 0958da1db11cea13a3c54cdc9903bad416a1fa821abd3c80e099018cd538a5e0
Size: 85.60 kB - spice-vdagent-0.14.0-18.el7.x86_64.rpm
MD5: 731222ca7a2754a08af0ac31ee3fa942
SHA-256: 116711a541321b26aa1c923f3e0d18c95469392afbe680a69e90aaaa5cab7b3a
Size: 69.67 kB - virt-viewer-5.0-15.el7.x86_64.rpm
MD5: e9deb100ee8e99049e7c3b8e15409ef7
SHA-256: 6bf2e81060936838a3a48ea389095bfab2a2a651c494cfbb94b063c994076ae8
Size: 392.48 kB