bcel-5.2-19.0.1.el7.AXS7
エラータID: AXSA:2022-4486:01
リリース日:
2022/12/21 Wednesday - 06:22
題名:
bcel-5.2-19.0.1.el7.AXS7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- bcel には、境界外書き込みの問題があるため、
攻撃者によって制御可能なデータを介して、任意の
バイトコード生成を可能とする脆弱性が存在します。
(CVE-2022-42920)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2022-42920
Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0.
Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0.
追加情報:
N/A
ダウンロード:
SRPMS
- bcel-5.2-19.0.1.el7.AXS7.src.rpm
MD5: e7a52df86adc2090fa9f12acc9af456b
SHA-256: 5bda03d716d93b2faeebe0bc8e9c1eb27b6f8f1f0026b6937b856ebabc441399
Size: 269.19 kB
Asianux Server 7 for x86_64
- bcel-5.2-19.0.1.el7.AXS7.noarch.rpm
MD5: ec22adc0dae7ce27b2067159dce29faa
SHA-256: 6894975e3c10e3abcf55bd34f5586fea458f70d0d9965c26c313cfde0875d903
Size: 468.75 kB