dotnet5.0-5.0.212-1.el8.ML.1
エラータID: AXSA:2022-3097:08
リリース日:
2022/03/14 Monday - 11:52
題名:
dotnet5.0-5.0.212-1.el8.ML.1
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- dotnet には バッファーオーバーフローの問題があり、攻撃者がスクリプトへの単発の
解凍要求の入力長を制御することで、2GiB を超えるデータをコピーしたときに
クラッシュを引き起こしてしまう脆弱性があります。(CVE-2020-8927)
- dotnet には、サービス拒否を引き起こす脆弱性があります。(CVE-2022-24464)
- dotnet には、リモートコード実行が可能となる脆弱性があります。(CVE-2022-24512)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2020-8927
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.
追加情報:
N/A
ダウンロード:
SRPMS
- dotnet5.0-5.0.212-1.el8.ML.1.src.rpm
MD5: ab30a47cf28e0b552a1b0a50c80ad81c
SHA-256: 98cff2b5cef7dae558560e9f44c3924c3285473be26a5e3ebe6581f988107eea
Size: 166.68 MB
Asianux Server 8 for x86_64
- aspnetcore-runtime-5.0-5.0.15-1.el8.ML.1.x86_64.rpm
MD5: af9615b022ef08a42782344832d6245e
SHA-256: a2cab5690f32cb31a8e33b3fba9d2e8362be7112c9eca84e1d6bfe6cce07ee60
Size: 6.54 MB - aspnetcore-targeting-pack-5.0-5.0.15-1.el8.ML.1.x86_64.rpm
MD5: 9097cd25bfa42b01a7d7d1744b9ed79e
SHA-256: 48c1905addc0bcd2677c53b99d91d97c54dd30f6e8c2de65a4b9f1b275499b51
Size: 1.43 MB - dotnet-apphost-pack-5.0-5.0.15-1.el8.ML.1.x86_64.rpm
MD5: 07ceae5093a50862a28f378717cf0362
SHA-256: 2b599b959139b9a4d90d37c75c79db9042a2c3112bca1902310f0c160d5f57f9
Size: 3.78 MB - dotnet-hostfxr-5.0-5.0.15-1.el8.ML.1.x86_64.rpm
MD5: 250af6447f8b7b092e29034dc36300d9
SHA-256: b6edbdeba630a1848bd2b5670387fa28ed617aaba00e90d8a5e8308a5acfa358
Size: 154.96 kB - dotnet-runtime-5.0-5.0.15-1.el8.ML.1.x86_64.rpm
MD5: bd84112c46950fc436b47d7d39e8a1c6
SHA-256: f0d2a28c725114696fa168d2b62744d7cbee4826f63fa65fa3ae1eaa0db3758e
Size: 26.81 MB - dotnet-sdk-5.0-5.0.212-1.el8.ML.1.x86_64.rpm
MD5: b2650eaf2cb338a91d910c470af12bae
SHA-256: c99b2f72aad397f6589ef45b0c9be522b684e687603dc54e49c740552d9e5d30
Size: 50.39 MB - dotnet-targeting-pack-5.0-5.0.15-1.el8.ML.1.x86_64.rpm
MD5: adc22378ace5583945692bae16de67aa
SHA-256: e71b0fdb0cb139d7dec3efac3d22e21663cea5589205d77f3272fab1e57711bf
Size: 2.37 MB - dotnet-templates-5.0-5.0.212-1.el8.ML.1.x86_64.rpm
MD5: 0d05fe339aba6906a02bc3490d7fb7e2
SHA-256: e4a38ea2282ed00bd1a96eb027e50d16355e87ce61abc1b84601ee68778a2dee
Size: 2.16 MB
English