librepo-1.11.0-3.el8
Errata ID: AXSA:2020-543:01
Release date:
2020/10/01 Thursday - 08:17
Title:
librepo-1.11.0-3.el8
Affected channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
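The following issues have been addressed.
[Security Fix]
- librepo has a directory traversal vulnerability that occurs when it
fails to sanitize paths in remote repository metadata, which may allow
an attacker to overwrite critical files and leave the system in a
compromised state. (CVE-2020-14352)
Some of the CVE translations are quoted from JVN.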
http://jvndb.jvn.jp/
Solution:
Update the packages.
CVE:
CVE-2020-14352
A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal. This flaw could potentially result in system compromise via the overwriting of critical system files. The highest threat from this flaw is to users that make use of untrusted third-party repositories.
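As an added illustration of the kind of check this flaw calls for (not librepo's code and not the upstream patch): a C function that joins a destination directory with a location path taken from repository metadata and rejects any result that would land outside that directory. The function name `join_inside_destdir` and the lexical-only approach are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Join destdir with a location href taken from repository metadata, refusing
 * any href that would resolve outside destdir. Lexical check only: symlinks
 * already present under destdir are not resolved (assumption of this sketch).
 * Returns 0 and fills out on success, -1 if the href is rejected. */
int join_inside_destdir(const char *destdir, const char *href,
                        char *out, size_t outlen)
{
    if (!destdir || !*destdir || !href || !*href || href[0] == '/')
        return -1;                      /* empty input or absolute href */

    int n = snprintf(out, outlen, "%s", destdir);
    if (n < 0 || (size_t)n >= outlen)
        return -1;                      /* destdir itself does not fit */
    size_t base = (size_t)n;            /* never truncate below this point */
    while (base > 1 && out[base - 1] == '/')
        out[--base] = '\0';             /* drop trailing slashes of destdir */
    size_t len = base;

    const char *p = href;
    while (*p) {
        size_t clen = strcspn(p, "/");  /* length of the next component */
        if (clen == 0 || (clen == 1 && p[0] == '.')) {
            /* empty component or ".": nothing to add */
        } else if (clen == 2 && p[0] == '.' && p[1] == '.') {
            if (len == base)
                return -1;              /* ".." would climb above destdir */
            while (out[len - 1] != '/')
                len--;                  /* pop the last component */
            out[--len] = '\0';
        } else {
            if (len + 1 + clen + 1 > outlen)
                return -1;              /* result would not fit */
            out[len++] = '/';
            memcpy(out + len, p, clen);
            len += clen;
            out[len] = '\0';
        }
        p += clen;
        if (*p == '/')
            p++;
    }
    return len > base ? 0 : -1;         /* href must name something inside */
}
```

A caller would run this on every path read from the metadata before opening the target file, and treat a `-1` as a reason to abort the download rather than fall back to the raw path.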
Additional information:
N/A
Download:
SRPMS
- librepo-1.11.0-3.el8.src.rpm
MD5: a27c34a28d18612cb7986c05470373dc
SHA-256: bbb02763b6dd58dbf4956bac62e0d49d97cdf08fa7961ceb21d28cdd7178e018
Size: 803.13 kB
Asianux Server 8 for x86_64
- librepo-1.11.0-3.el8.x86_64.rpm
MD5: 37d06c5d7be011612b2ebaf3f8082a06
SHA-256: 03ebd469fa0043a1e54f66ad656fc65c10c032267a833cbe09b7e926981cf892
Size: 88.58 kB
- python3-librepo-1.11.0-3.el8.x86_64.rpm
MD5: 296ccbaa0a98654fcde4c9745110c5be
SHA-256: 06a68e4cf7474dbf0429b6c5b95151a30605d1afb03efba6709ac553a11fb900
Size: 50.61 kB
- librepo-1.11.0-3.el8.i686.rpm
MD5: b35c4c284456c2e741b36247ed93ad5d
SHA-256: bdb37f426949d665f5d92de1d1bc397917d60b83907aef1595a5bf032428bcd7
Size: 93.54 kB