frr-7.0-10.el8
エラータID: AXSA:2021-1317:01
リリース日:
2021/01/26 Tuesday - 09:59
題名:
frr-7.0-10.el8
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- FRRouting には、split-config 機能の利用時に空の設定ファイル
を全ユーザーが読み取り可能な権限で作成する問題があるため、
リモートの攻撃者により、tools/frr.in と tools/frrcommon.sh.in を
介して、情報漏洩を可能とする脆弱性が存在します。
(CVE-2020-12831)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2020-12831
** DISPUTED ** An issue was discovered in FRRouting FRR (aka Free Range Routing) through 7.3.1. When using the split-config feature, the init script creates an empty config file with world-readable default permissions, leading to a possible information leak via tools/frr.in and tools/frrcommon.sh.in. NOTE: some parties consider this user error, not a vulnerability, because the permissions are under the control of the user before any sensitive information is present in the file.
** DISPUTED ** An issue was discovered in FRRouting FRR (aka Free Range Routing) through 7.3.1. When using the split-config feature, the init script creates an empty config file with world-readable default permissions, leading to a possible information leak via tools/frr.in and tools/frrcommon.sh.in. NOTE: some parties consider this user error, not a vulnerability, because the permissions are under the control of the user before any sensitive information is present in the file.
追加情報:
N/A
ダウンロード:
SRPMS
- frr-7.0-10.el8.src.rpm
MD5: 867be48c60f8408701f1ea7ea98502ba
SHA-256: df1f4aa51d8dfc08d27dd8ead1d0e6d1b12bb51051bd3d111a4de622a275b9e5
Size: 4.66 MB
Asianux Server 8 for x86_64
- frr-7.0-10.el8.x86_64.rpm
MD5: 7a0dc8f8adcb30066057742aba2b5485
SHA-256: 788c19b7db0323e334ab75be4f714f9e2f5409484399074891fcfcd9379b95b5
Size: 2.52 MB - frr-contrib-7.0-10.el8.x86_64.rpm
MD5: e59dade36041efcaceea6d3bcf7dfe19
SHA-256: 5126d89e5378377816273f3aa1d264330f747243a652d9851562ca6531fb428a
Size: 18.39 kB
English