brotli-1.0.6-3.el8
エラータID: AXSA:2021-1864:02
リリース日:
2021/11/17 Wednesday - 13:16
題名:
brotli-1.0.6-3.el8
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- Brotli には バッファーオーバーフローの問題があり、攻撃者がスクリプトへの
単発の解凍要求の入力長を制御することで、2GiB を超えるデータをコピーしたときに
クラッシュを引き起こしてしまう脆弱性があります。(CVE-2020-8927)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2020-8927
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.
追加情報:
N/A
ダウンロード:
SRPMS
- brotli-1.0.6-3.el8.src.rpm
MD5: d741e6944fac4e469f6b42618482dd5d
SHA-256: a5fb4061120cc01e6b05906a88d72db9c514aa687171ce90929850de0a2d6907
Size: 22.73 MB
Asianux Server 8 for x86_64
- brotli-1.0.6-3.el8.x86_64.rpm
MD5: 46870527ba04697857b2b1a8360ff8ff
SHA-256: 14d38297f7936ab3bde3b203abcd3d77889d9f0db47a96bee297951da64ad98c
Size: 322.18 kB - brotli-devel-1.0.6-3.el8.x86_64.rpm
MD5: 1eb91b0b521102c34e7ffe68d8b45f77
SHA-256: d29559a29c6047197544a19aac61779d9170d8c3817b0085fb27cad5738d647f
Size: 30.11 kB - python3-brotli-1.0.6-3.el8.x86_64.rpm
MD5: fbd136341e969a862a789b58de7d642c
SHA-256: 0df2d97a4943f93481107a965fea0d2b8d52a76bfbbdb06a465e04a8e7187a5f
Size: 306.60 kB - brotli-1.0.6-3.el8.i686.rpm
MD5: 42d24a0d6b05826b0d7aa2f81889d6b9
SHA-256: eaf584a07e9b92405eb7b5e67f0163b83daae3721a8f00ff725175a420731563
Size: 321.45 kB - brotli-devel-1.0.6-3.el8.i686.rpm
MD5: 3fd5a5a9d3ddd2c0d62b7601722f5c17
SHA-256: 85deb4764e3af15f9ca5c2cfd4532bd17100853912760a1a5e818ce3db4a2f08
Size: 30.11 kB