dotnet3.1-3.1.417-1.el8.ML.1
エラータID: AXSA:2022-3098:04
リリース日:
2022/03/14 Monday - 12:43
題名:
dotnet3.1-3.1.417-1.el8.ML.1
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- dotnet には バッファーオーバーフローの問題があり、攻撃者がスクリプトへの単発の
解凍要求の入力長を制御することで、2GiB を超えるデータをコピーしたときに
クラッシュを引き起こしてしまう脆弱性があります。(CVE-2020-8927)
- dotnet には、サービス拒否を引き起こす脆弱性があります。(CVE-2022-24464)
- dotnet には、リモートコード実行が可能となる脆弱性があります。(CVE-2022-24512)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2020-8927
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.
追加情報:
N/A
ダウンロード:
SRPMS
- dotnet3.1-3.1.417-1.el8.ML.1.src.rpm
MD5: e65859c003197f6b2bdce020ae1f0dc3
SHA-256: 5c3bd5841a570d0619f000ed93b71e2b9adab62cbfe45429ba8d165c8d0904fb
Size: 315.41 MB
Asianux Server 8 for x86_64
- aspnetcore-runtime-3.1-3.1.23-1.el8.ML.1.x86_64.rpm
MD5: 1603b872a5a1b546ded777854e276fe9
SHA-256: da0edec7570d5dc2996d03846e27e6e40eeea303f8df2fa7b1e02316e833f133
Size: 6.24 MB - aspnetcore-targeting-pack-3.1-3.1.23-1.el8.ML.1.x86_64.rpm
MD5: 9c858b7e36a1a5c7a677bfe77c032085
SHA-256: 1cf14b888c6cf95f808995d55682cfeb64fefb9787dd53f047d59b091eb48579
Size: 1.11 MB - dotnet-apphost-pack-3.1-3.1.23-1.el8.ML.1.x86_64.rpm
MD5: 1baf12ab3a124c60b245261838d911db
SHA-256: 518b9ab347846c2693b60152cffd1d89972a845db8de0f3690a7fbb5553e3a4e
Size: 76.14 kB - dotnet-hostfxr-3.1-3.1.23-1.el8.ML.1.x86_64.rpm
MD5: 87a8f73fc8bcefe9a5a99d1ca16d69eb
SHA-256: 0c46ddf2f99aeb5c5f6fc1cd210209bdbd6196037506deb8709c4afdf09f1609
Size: 174.48 kB - dotnet-runtime-3.1-3.1.23-1.el8.ML.1.x86_64.rpm
MD5: 42f0ed264b3f8169673577a9ce6d08c2
SHA-256: ecce1a8eab82455758ab01ced41cef46859e4a24ec341fb759b03ee9000bc391
Size: 27.05 MB - dotnet-sdk-3.1-3.1.417-1.el8.ML.1.x86_64.rpm
MD5: 3f5754467c176db2587290780e48cf67
SHA-256: 864cb8c4e62efc198438c16aa39dbb3a6281c41b97a013f022cdc5d59e3af89a
Size: 41.79 MB - dotnet-targeting-pack-3.1-3.1.23-1.el8.ML.1.x86_64.rpm
MD5: 7b1a69d47179fbdf2cc6197608ad00f2
SHA-256: 7b4bd8ee03b31f95cbd1cc0e6bbcdd22f52e2db9b91969da31f89703229e3138
Size: 2.02 MB - dotnet-templates-3.1-3.1.417-1.el8.ML.1.x86_64.rpm
MD5: 33027ed2aa5e5bc19ad5a04afc91a46e
SHA-256: e7b06affccc048c5c25cb635c86aaf29a449dc0a35cf1819b38f4ae62ff806e8
Size: 2.13 MB