glib2-2.56.1-7.el7, ibus-1.5.17-11.el7
Errata ID: AXSA:2020-680:02
Release date:
2020/10/13 Tuesday - 08:09
Title:
glib2-2.56.1-7.el7, ibus-1.5.17-11.el7
Affected channels:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
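The following issues have been addressed.
[Security Fix]
- file_copy_fallback in gio/gfile.c in GLib2 does not properly
restrict file permissions while a copy operation is in progress;
default permissions are used instead. (CVE-2019-12450)
- Due to a misconfiguration in the DBus server setup, ibus allows
unprivileged users to monitor and send method calls to another
user's ibus bus. A local attacker can therefore intercept the
keystrokes of a user who is using the GUI, change the input
method, or modify input-related settings. (CVE-2019-14822)
Some of the translated CVE descriptions are quoted from JVN.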
http://jvndb.jvn.jp/
Solution:
Update the packages.
CVE:
CVE-2019-12450
file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.
CVE-2019-14822
A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is using the graphical interface, change the input method engine, or modify other input related configurations of the victim user.
Additional information:
N/A
Downloads:
SRPMS
- glib2-2.56.1-7.el7.src.rpm (Size: 7.69 MB)
- ibus-1.5.17-11.el7.src.rpm (Size: 6.73 MB)
Asianux Server 7 for x86_64
- glib2-2.56.1-7.el7.x86_64.rpm (Size: 2.45 MB)
- glib2-devel-2.56.1-7.el7.x86_64.rpm (Size: 452.46 kB)
- glib2-doc-2.56.1-7.el7.noarch.rpm (Size: 1.58 MB)
- glib2-fam-2.56.1-7.el7.x86_64.rpm (Size: 7.41 kB)
- glib2-static-2.56.1-7.el7.x86_64.rpm (Size: 1.21 MB)
- glib2-tests-2.56.1-7.el7.x86_64.rpm (Size: 1.44 MB)
- ibus-1.5.17-11.el7.x86_64.rpm (Size: 4.77 MB)
- ibus-devel-1.5.17-11.el7.x86_64.rpm (Size: 181.50 kB)
- ibus-devel-docs-1.5.17-11.el7.noarch.rpm (Size: 250.55 kB)
- ibus-gtk2-1.5.17-11.el7.x86_64.rpm (Size: 44.28 kB)
- ibus-gtk3-1.5.17-11.el7.x86_64.rpm (Size: 44.62 kB)
- ibus-libs-1.5.17-11.el7.x86_64.rpm (Size: 227.07 kB)
- ibus-pygtk2-1.5.17-11.el7.noarch.rpm (Size: 109.11 kB)
- ibus-setup-1.5.17-11.el7.noarch.rpm (Size: 79.37 kB)
- glib2-2.56.1-7.el7.i686.rpm (Size: 2.43 MB)
- glib2-devel-2.56.1-7.el7.i686.rpm (Size: 451.68 kB)
- glib2-static-2.56.1-7.el7.i686.rpm (Size: 1.19 MB)
- ibus-1.5.17-11.el7.i686.rpm (Size: 4.77 MB)
- ibus-devel-1.5.17-11.el7.i686.rpm (Size: 181.53 kB)
- ibus-gtk2-1.5.17-11.el7.i686.rpm (Size: 44.26 kB)
- ibus-gtk3-1.5.17-11.el7.i686.rpm (Size: 44.64 kB)
- ibus-libs-1.5.17-11.el7.i686.rpm (Size: 222.49 kB)