glibc-2.12-1.212.3.1.AXS4
Errata ID: AXSA:2021-1437:03
Release date:
2021/02/09 Tuesday - 09:39
Title:
glibc-2.12-1.212.3.1.AXS4
Affected channels:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
Moderate
Description:
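The following issues have been addressed.
[Security Fix]
- The iconv feature in glibc has a buffer over-read vulnerability in its EUC-KR encoding handling when the input contains invalid multi-byte sequences. (CVE-2019-25013)
- glibc has a vulnerability that causes a stack buffer overflow during range reduction when the input to a function taking an 80-bit long double contains a non-canonical bit pattern. (CVE-2020-10029)
- glibc has a vulnerability that causes a stack-based buffer overflow on x86 targets when a non-canonical 80-bit long double value is passed to the printf function (and its variants). (CVE-2020-29573)
Solution:
Update the packages.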
CVE:
CVE-2019-25013
The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.
CVE-2020-10029
The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, as seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.
CVE-2020-29573
sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of "Fixed for glibc 2.33" in the 26649 reference.
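Added example (not part of the advisory and not glibc code): CVE-2020-10029 and CVE-2020-29573 are both triggered by non-canonical 80-bit long double encodings, so the C code below classifies a raw 10-byte x86 image before it is loaded as a long double and passed to libm or printf. The function and array names are hypothetical, and reading 0x5d414141414141410000 as an 80-bit integer stored least-significant byte first is an assumption.

```c
#include <stdint.h>
#include <stdio.h>

/* Classes of x87 80-bit extended-precision encodings. */
enum ld80_class { LD80_CANONICAL, LD80_PSEUDO_DENORMAL,
                  LD80_UNNORMAL, LD80_PSEUDO_NAN_OR_INF };

/* Classify a 10-byte long double image in x86 memory order:
   bytes 0-7 = significand with an explicit integer bit (bit 63),
   bytes 8-9 = sign (bit 15) and biased exponent (bits 0-14). */
enum ld80_class ld80_classify(const unsigned char b[10])
{
    uint64_t sig = 0;
    for (int i = 7; i >= 0; i--)
        sig = (sig << 8) | b[i];
    unsigned exp = ((unsigned)(b[9] & 0x7f) << 8) | b[8];
    int integer_bit = (int)(sig >> 63);

    if (exp == 0)        /* zero and denormals must have integer bit 0 */
        return integer_bit ? LD80_PSEUDO_DENORMAL : LD80_CANONICAL;
    if (integer_bit)     /* normal numbers, infinities and NaNs */
        return LD80_CANONICAL;
    return exp == 0x7fff ? LD80_PSEUDO_NAN_OR_INF : LD80_UNNORMAL;
}

/* Gate for untrusted binary input: 1 if the encoding is canonical. */
int ld80_is_canonical(const unsigned char b[10])
{
    return ld80_classify(b) == LD80_CANONICAL;
}

/* Byte pattern quoted in the CVE-2020-29573 text, in memory order. */
const unsigned char cve_2020_29573_bytes[10] =
    { 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04 };
/* Value quoted in the CVE-2020-10029 text, least-significant byte
   first (assumption about how the hex value maps to memory). */
const unsigned char cve_2020_10029_bytes[10] =
    { 0x00, 0x00, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x5d };
/* Constructed canonical sample: 1.0L (exponent 0x3fff, integer bit 1). */
const unsigned char one_bytes[10] =
    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0xff, 0x3f };

int main(void)
{
    printf("CVE-2020-10029 value canonical: %d\n", ld80_is_canonical(cve_2020_10029_bytes));
    printf("CVE-2020-29573 value canonical: %d\n", ld80_is_canonical(cve_2020_29573_bytes));
    printf("1.0L canonical: %d\n", ld80_is_canonical(one_bytes));
    return 0;
}
```

Rejecting every class other than `LD80_CANONICAL` at the point where binary data is deserialized keeps such values away from an unpatched library; it does not replace the package update.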
Additional information:
N/A
Downloads:
SRPMS
- glibc-2.12-1.212.3.1.AXS4.src.rpm
MD5: 25a6e99c0b32b883625a94426552ec3b
SHA-256: 1374c8c97851c579d5cfb7c4ff737d6d92f497a285dba96448f5b1058a91ae83
Size: 15.99 MB
Asianux Server 4 for x86
- glibc-2.12-1.212.3.1.AXS4.i686.rpm
MD5: 556be8efc83b22288bdf9a857e290d5d
SHA-256: 32fa23d50598ccd8c067c9b3f1866bc7dece1494088bbd5fe5fd582bc47e3555
Size: 4.36 MB
- glibc-common-2.12-1.212.3.1.AXS4.i686.rpm
MD5: c1edf9368160b31b5d770375a0e523f2
SHA-256: 5c81adafad1236c83b324da04b3d45db4797d5a0b5d719a397cdebad37ca5ad8
Size: 14.22 MB
- glibc-devel-2.12-1.212.3.1.AXS4.i686.rpm
MD5: 2c04d9b2d12e7ebe7b67c11e38edcff1
SHA-256: 017c83c10d016391e4309601b312a8794238bc66b5828182130f839b57fe55e0
Size: 0.97 MB
- glibc-headers-2.12-1.212.3.1.AXS4.i686.rpm
MD5: e65c1b40c6aa0848ca1de258354a7cd5
SHA-256: 1e7d15c8570e4a7152c139d9182d9fd556b5ba31fcc282cf011fd24a242780fc
Size: 627.80 kB
- glibc-utils-2.12-1.212.3.1.AXS4.i686.rpm
MD5: 682e261e75c04a4a02e1a7d67afcda93
SHA-256: e327d495ad15d031298116b9d6b6f18df64f12b2b6a53ce1be535e6c3dab4226
Size: 176.05 kB
- nscd-2.12-1.212.3.1.AXS4.i686.rpm
MD5: 8c92257ff28c58b0e736f6e9fb2cf3b8
SHA-256: 3052901a6bcf3871abb9555b5e5ae3910bb4590e1a79ec07ed5efb38770d4959
Size: 230.72 kB
Asianux Server 4 for x86_64
- glibc-2.12-1.212.3.1.AXS4.x86_64.rpm
MD5: 58f052468f452744f5ea3132d795e0c3
SHA-256: 009b4d8f1cb0a9c914d1d10659e9e27d0b8070fd5a4224b14faa67d6e859ccef
Size: 3.82 MB
- glibc-common-2.12-1.212.3.1.AXS4.x86_64.rpm
MD5: f0d95b9993a038994b0b5977091a3c76
SHA-256: 85784789445e188b589d66d4863fdf654d61ff1c93f61f18adad6b5b9c92c38e
Size: 14.23 MB
- glibc-devel-2.12-1.212.3.1.AXS4.x86_64.rpm
MD5: d734e0d0c66da714e6131c4db4ed3bec
SHA-256: eb3e151b72ec748286d0ec1c506a43a866f0431a42af5c7c689f6620ffc709ad
Size: 0.97 MB
- glibc-headers-2.12-1.212.3.1.AXS4.x86_64.rpm
MD5: 6ad4eec8c942598b44fd1e555b07ce0b
SHA-256: e76bdeddf941932510a55e051bc698f5af28bd41d539a02371728bfc94c59150
Size: 619.36 kB
- glibc-utils-2.12-1.212.3.1.AXS4.x86_64.rpm
MD5: ce7d68786e365079ae4af637aef21ee2
SHA-256: 900db9bc6086a314bf67ce635663c9d3b477a0ee28b1528006db8b50cf0b664d
Size: 174.00 kB
- nscd-2.12-1.212.3.1.AXS4.x86_64.rpm
MD5: c9ec0b51e2069e6a401709f23ffc2f04
SHA-256: 760e2eeb702f18a3f18b906798881c86051684f50f88992267ab6dd520826060
Size: 231.89 kB
- glibc-2.12-1.212.3.1.AXS4.i686.rpm
MD5: 556be8efc83b22288bdf9a857e290d5d
SHA-256: 32fa23d50598ccd8c067c9b3f1866bc7dece1494088bbd5fe5fd582bc47e3555
Size: 4.36 MB
- glibc-devel-2.12-1.212.3.1.AXS4.i686.rpm
MD5: 2c04d9b2d12e7ebe7b67c11e38edcff1
SHA-256: 017c83c10d016391e4309601b312a8794238bc66b5828182130f839b57fe55e0
Size: 0.97 MB