librabbitmq-0.8.0-3.el7
エラータID: AXSA:2020-608:01
リリース日:
2020/10/07 Wednesday - 05:01
題名:
librabbitmq-0.8.0-3.el7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- rabbitmqには、CONNECTION_STATE_HEADERの処理に整数のオーバーフロー問題があり、
悪意あるサーバーが不十分な大きさの target_size を返すことにより、ヒープバッファに
大きなデータをコピーさせ、ヒープメモリの破壊につながる脆弱性があります。(CVE-2019-18609)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2019-18609
An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller target_size value than needed. This condition is then carried on to a memcpy function that copies too much data into a heap buffer.
An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller target_size value than needed. This condition is then carried on to a memcpy function that copies too much data into a heap buffer.
追加情報:
N/A
ダウンロード:
SRPMS
- librabbitmq-0.8.0-3.el7.src.rpm
MD5: 7dcae8b88f997c09f236a45350406e10
SHA-256: 42297a3abb2a85841899ad0e82b715333a4e8ed65b758b227d6f825d03c4b215
Size: 462.45 kB
Asianux Server 7 for x86_64
- librabbitmq-0.8.0-3.el7.x86_64.rpm
MD5: 502e7162f5996636a3f0c4b70b8f6187
SHA-256: f11482cf6e759e30516c6470f51ee7d59c48812dd05905fd94af87329658bfa1
Size: 36.00 kB - librabbitmq-devel-0.8.0-3.el7.x86_64.rpm
MD5: 83bd5ddfd47e88f7870f1c2014522439
SHA-256: 341f1ca052dfb01f461a01b54c0c85f55d5fb18c6affa66e4bbb384644132789
Size: 35.21 kB - librabbitmq-examples-0.8.0-3.el7.x86_64.rpm
MD5: c156fe2b40d68545176c5d97878f9312
SHA-256: 493b15021a45f2cf7cd580b378f3a2968f2284d7642aad63b788f7686a5898ce
Size: 33.01 kB - librabbitmq-0.8.0-3.el7.i686.rpm
MD5: ecebb272249e986ef964caaa81194179
SHA-256: bc649396b8e0744c94808cbf4a652b7a3111bc5ed4e3b36f1defdfb7595ebe1a
Size: 37.63 kB - librabbitmq-devel-0.8.0-3.el7.i686.rpm
MD5: fa28fc0ec3bb21d4012b65d34d818f69
SHA-256: efd7c9abb326eb6fd0bac58347edf25fe8b2daec821d1dc44afce6999fc2d25b
Size: 35.26 kB