AXSA:2021-1317:01

リリース日: 
2021/01/26 Tuesday - 08:59
題名: 
frr-7.0-10.el8
影響のあるチャネル: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD.

Security Fix(es):

* frr: default permission issue eases information leaks (CVE-2020-12831)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-12831
** DISPUTED ** An issue was discovered in FRRouting FRR (aka Free Range Routing) through 7.3.1. When using the split-config feature, the init script creates an empty config file with world-readable default permissions, leading to a possible information leak via tools/frr.in and tools/frrcommon.sh.in. NOTE: some parties consider this user error, not a vulnerability, because the permissions are under the control of the user before any sensitive information is present in the file.

解決策: 

Update packages.

追加情報: 

N/A

ダウンロード: 

SRPMS
  1. frr-7.0-10.el8.src.rpm
    MD5: 867be48c60f8408701f1ea7ea98502ba
    SHA-256: df1f4aa51d8dfc08d27dd8ead1d0e6d1b12bb51051bd3d111a4de622a275b9e5
    Size: 4.66 MB

Asianux Server 8 for x86_64
  1. frr-7.0-10.el8.x86_64.rpm
    MD5: 7a0dc8f8adcb30066057742aba2b5485
    SHA-256: 788c19b7db0323e334ab75be4f714f9e2f5409484399074891fcfcd9379b95b5
    Size: 2.52 MB
  2. frr-contrib-7.0-10.el8.x86_64.rpm
    MD5: e59dade36041efcaceea6d3bcf7dfe19
    SHA-256: 5126d89e5378377816273f3aa1d264330f747243a652d9851562ca6531fb428a
    Size: 18.39 kB
Copyright© 2007-2015 Asianux. All rights reserved.