glibc-2.17-322.el7
Errata ID: AXSA:2021-1374:01
Release date:
2021/02/03 Wednesday - 07:03
Title:
glibc-2.17-322.el7
Affected channels:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
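The following issues have been addressed.
[Security Fix]
- The iconv feature in glibc has a buffer over-read vulnerability in its EUC-KR encoding handling when given invalid multi-byte input. (CVE-2019-25013)
- glibc has a vulnerability that causes a stack buffer overflow during range reduction when an input to a function taking an 80-bit long double contains a non-canonical bit pattern. (CVE-2020-10029)
- glibc has a vulnerability that causes a stack-based buffer overflow on x86 targets when a non-canonical 80-bit long double value is passed to the printf function (or its variants). (CVE-2020-29573)
Solution:
Update the packages.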
CVE:
CVE-2019-25013
The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.
CVE-2020-10029
The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, as seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.
CVE-2020-29573
sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of "Fixed for glibc 2.33" in the 26649 reference.
Additional information:
N/A
Download:
SRPMS
- glibc-2.17-322.el7.src.rpm
MD5: 3b1c5c527e393d941a046dc762e40e39
SHA-256: dc26fb4d46155b75070a2f8787a00980a15369c871b5681241c5440d59ae9abb
Size: 25.19 MB
Asianux Server 7 for x86_64
- glibc-2.17-322.el7.x86_64.rpm
MD5: 544fa8923629124eb4489e55bc2cae0b
SHA-256: 8c6a734fb3b26325d57dd71f103ba2fa10082496332ae9470fc5d471afd5b926
Size: 3.64 MB
- glibc-common-2.17-322.el7.x86_64.rpm
MD5: 2d47135cf916b78f26b8fbc1d8898d2e
SHA-256: 39d757cadd4a3533cee6868e75bbd64d61d6320a1c2ab05160ff993fe48727b9
Size: 11.50 MB
- glibc-devel-2.17-322.el7.x86_64.rpm
MD5: e8a7f1257b7a59859f7e44fdf85a3787
SHA-256: 12239d39432edbfe0c0a8ae79d5b230e888440836876199cfcd625ec10c67ef9
Size: 1.07 MB
- glibc-headers-2.17-322.el7.x86_64.rpm
MD5: 4e019c58b8e41115c87df187bce46699
SHA-256: 56ffcde49dfe40fa7a0a6cc40a5dc693493555d3aca2985dccd39523153b48f0
Size: 689.51 kB
- glibc-utils-2.17-322.el7.x86_64.rpm
MD5: 67f5e44141f9fc3e31b1a11e44c80851
SHA-256: 80d5f00b900ec88cda0d8bdb192124bf88810a889ad7b3b713e4fb229725d3f0
Size: 227.89 kB
- nscd-2.17-322.el7.x86_64.rpm
MD5: c7fc4e4025cb576c8ef433a3f1b06248
SHA-256: 304d33c6333fb4bed6a02c2795d4295ba63830d140db7441f49010026fe1e53b
Size: 287.36 kB
- glibc-2.17-322.el7.i686.rpm
MD5: 5268be6016f5d6aa54a6a3d434f17037
SHA-256: 1f66b7ec31e928b980fa7a66e01d772391f101b37663ded45ebd73bae6a49574
Size: 4.26 MB
- glibc-devel-2.17-322.el7.i686.rpm
MD5: 6d51b3b24493cd5728a0b7f96531345b
SHA-256: 0ba07e942528c4d3252b1a80630b625743eb720b06f09a74a0673278db6c800e
Size: 1.08 MB