qt5-qtimageformats-5.9.7-2.el7
Errata ID: AXSA:2021-1846:01
Release date:
2021/06/09 Wednesday - 05:28
Title:
qt5-qtimageformats-5.9.7-2.el7
Affected channels:
Asianux Server 7 for x86_64
Severity:
High
Description:
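The following issues have been addressed.
[Security Fix]
- libwebp has a vulnerability that causes a heap-based buffer overflow in the PutLE16 function. (CVE-2018-25011)
- libwebp has a vulnerability in which an uninitialized variable is used in the ReadSymbol function. (CVE-2018-25014)
- libwebp has a vulnerability in which an invalid buffer size check in the WebPDecodeRGBInto function can lead to a heap-based buffer overflow. (CVE-2020-36328)
- libwebp has a use-after-free vulnerability caused by a thread being terminated too early. (CVE-2020-36329)
Solution:
Update the packages.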
CVE:
CVE-2018-25011
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow was found in PutLE16(). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2018-25014
A flaw was found in libwebp in versions before 1.0.1. An uninitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2020-36328
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2020-36329
A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Additional information:
N/A
Download:
SRPMS
- qt5-qtimageformats-5.9.7-2.el7.src.rpm
MD5: 8612da56e677d994eb90da95ae17484d
SHA-256: f95754f2a80920fd8991031b96f9ef4c01d5882b3f4084b2a9e57fa9f4003081
Size: 2.02 MB
Asianux Server 7 for x86_64
- qt5-qtimageformats-5.9.7-2.el7.x86_64.rpm
MD5: 66e57d67d39c3c6e43b1740fcdab1df9
SHA-256: 44b25890883ba2f2de90967310e2a4533a5243088e5b0a78b28cacb8afb8cba5
Size: 318.23 kB
- qt5-qtimageformats-doc-5.9.7-2.el7.noarch.rpm
MD5: 01a72ce6abff2b0964673a1eb8941d08
SHA-256: 1eaff08dcc959bcb1d2aa0fbf910a0e740db116859495555e9a31e39720dd99c
Size: 54.44 kB
- qt5-qtimageformats-5.9.7-2.el7.i686.rpm
MD5: d9034df0246ce8202c2d38b997744478
SHA-256: d0c641ea6a322a2ff0805ffcd1b846ae1ce068cd86434d705ed0599513efa57b
Size: 320.54 kB