librabbitmq-0.9.0-2.el8
Errata ID: AXSA:2021-1184:01
Release date:
2021/01/14 Thursday - 11:56
Title:
librabbitmq-0.9.0-2.el8
Affected channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
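The following issue has been addressed.
[Security Fix]
- rabbitmq has an integer overflow in its handling of CONNECTION_STATE_HEADER.
A malicious server can return a target_size that is too small, causing a large
amount of data to be copied into a heap buffer and leading to heap memory corruption. (CVE-2019-18609)
Solution:
Update the packages.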
CVE:
CVE-2019-18609
An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller target_size value than needed. This condition is then carried on to a memcpy function that copies too much data into a heap buffer.
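The class of bug described above, shown as an added example (this is not rabbitmq-c's source code): a 32-bit size taken from a frame header wraps when the framing overhead is added, and a widened, bounded calculation rejects it. The function names, the sample headers and the 131072-byte limit are assumptions made for illustration; the 7-byte header and 1-byte frame-end layout is standard AMQP 0-9-1 framing.

```c
#include <stdint.h>
#include <stdio.h>

/* AMQP 0-9-1 framing: 1-byte type, 2-byte channel, 4-byte big-endian
 * payload size, then the payload and a 1-byte frame-end marker. */
#define HEADER_SIZE 7u
#define FOOTER_SIZE 1u

/* Read the payload size field from a 7-byte frame header. */
static uint32_t payload_size(const uint8_t hdr[HEADER_SIZE]) {
  return ((uint32_t)hdr[3] << 24) | ((uint32_t)hdr[4] << 16) |
         ((uint32_t)hdr[5] << 8) | (uint32_t)hdr[6];
}

/* Flawed pattern: the 32-bit addition wraps, so a huge declared size
 * yields a tiny total that would then be used to size the buffer. */
static uint32_t total_size_unchecked(const uint8_t hdr[HEADER_SIZE]) {
  return payload_size(hdr) + HEADER_SIZE + FOOTER_SIZE;
}

/* Hardened pattern: widen before adding and reject anything above the
 * caller's limit (frame_max is a hypothetical parameter).
 * Returns 0 and sets *out on success, -1 when the header is rejected. */
static int total_size_checked(const uint8_t hdr[HEADER_SIZE],
                              uint32_t frame_max, uint32_t *out) {
  uint64_t total = (uint64_t)payload_size(hdr) + HEADER_SIZE + FOOTER_SIZE;
  if (total > frame_max) return -1;
  *out = (uint32_t)total;
  return 0;
}

/* Constructed sample headers: one ordinary, one declaring 0xFFFFFFFF. */
static const uint8_t HDR_OK[HEADER_SIZE] = {1, 0, 0, 0, 0, 0, 16};
static const uint8_t HDR_BAD[HEADER_SIZE] = {1, 0, 0, 0xFF, 0xFF, 0xFF, 0xFF};

int main(void) {
  uint32_t n = 0;
  printf("ok unchecked:  %u\n", (unsigned)total_size_unchecked(HDR_OK));
  printf("bad unchecked: %u\n", (unsigned)total_size_unchecked(HDR_BAD));
  printf("bad checked:   %d\n", total_size_checked(HDR_BAD, 131072u, &n));
  return 0;
}
```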
Additional information:
N/A
Download:
SRPMS
- librabbitmq-0.9.0-2.el8.src.rpm
MD5: acad3f1ee01e258d06c305932811621e
SHA-256: fe712f4e6cf9f76c697365c9f7359e4cf0bcbdf8716fc9c7770bb394698f58ef
Size: 154.15 kB
Asianux Server 8 for x86_64
- librabbitmq-0.9.0-2.el8.x86_64.rpm
MD5: dc9249877cfb39ad33c4c6b446c29211
SHA-256: 67401f64952d551cce1b8670d1add7fa7ca55128edf8021bafc525e4c2da261f
Size: 45.61 kB
- librabbitmq-0.9.0-2.el8.i686.rpm
MD5: 531d119ff743b36805637b3dd3823ff8
SHA-256: 7043f53cfa1ac94440c1f04a070dad58488bf0327f152dc23e91b1a496e85134
Size: 50.19 kB