systemd-250-12.el9.3.ML.1
エラータID: AXSA:2023-5194:06
リリース日:
2023/03/02 Thursday - 08:37
題名:
systemd-250-12.el9.3.ML.1
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- systemd-coredump には、fs.suid_dumpable システムパラメーターの
値を考慮しない問題があるため、ローカルの攻撃者により、情報漏洩を
可能とする脆弱性が存在します。(CVE-2022-4415)
- systemd-coreduump の shared/elf-util.c の parse_elf_object
には、クラッシュの発生時にデッドロック状態に至る問題があるため、
ローカルの攻撃者により、長いバックトレースが出力されるクラッシュ
の発生を介して、サービス拒否攻撃を可能とする脆弱性が存在します。
(CVE-2022-45873)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2022-4415
A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.
A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.
CVE-2022-45873
systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file.
systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file.
追加情報:
N/A
ダウンロード:
SRPMS
- systemd-250-12.el9.3.ML.1.src.rpm
MD5: f85369dc7dc1c24638f08143cf9b924f
SHA-256: 34fa81af4b38ddb75628af3e6e463769d8aa639c87bcf8a5e236244123fd9603
Size: 11.67 MB
Asianux Server 9 for x86_64
- systemd-250-12.el9.3.ML.1.i686.rpm
MD5: b8e60c64c3d096c1331150fff9b5d74a
SHA-256: f4a98108e86c2fa339d4b2ca2211cc53fc0fca7a63f540596a4d55971a4d2330
Size: 4.05 MB - systemd-250-12.el9.3.ML.1.x86_64.rpm
MD5: fd3b00a40f0a2d641d654d179f95841f
SHA-256: d8f029bee4f0c9d6bf2b70969eb8d8853c395ddc8177d1e69078527e7c0502d3
Size: 4.00 MB - systemd-container-250-12.el9.3.ML.1.i686.rpm
MD5: e9fc5727f72fc685fe99a2edcf6d63b9
SHA-256: 80b0449465239df7db87b2bade2d8ad5ab3b12594c72bb5db0f7b73affc1badb
Size: 559.23 kB - systemd-container-250-12.el9.3.ML.1.x86_64.rpm
MD5: 76904e135afa08d9976d72c306358e49
SHA-256: d1cb677c8ba0aef593b5659571bc7c8917fc8e2cc7ee90134dfc4a8488ff5533
Size: 549.50 kB - systemd-devel-250-12.el9.3.ML.1.i686.rpm
MD5: 3409fa9918412b9336e527dd1c186b38
SHA-256: 89657ecd344167c3e3eaab85132e684262d6b12361a40a2769a8ce492a857c62
Size: 468.77 kB - systemd-devel-250-12.el9.3.ML.1.x86_64.rpm
MD5: 093074fe681723ead60def42f8d8c4dc
SHA-256: 5a5c59369c4a22692cd2a317d9099b80162ddfae5713b3bd7c337d87bbe51290
Size: 468.54 kB - systemd-journal-remote-250-12.el9.3.ML.1.x86_64.rpm
MD5: 3049edb49371c3568fe86bd240561e45
SHA-256: 46de564489e791da43fdb70ef05cccb70794a052e8b358fb44f4fca8c19054b3
Size: 116.67 kB - systemd-libs-250-12.el9.3.ML.1.i686.rpm
MD5: 67e2fe0f31615cfd573bcaf401fb4640
SHA-256: 165338ee9c2d75435f2fe2cf56a79b50013fa9e97de0a956962e4ed6d2b4e2c3
Size: 657.79 kB - systemd-libs-250-12.el9.3.ML.1.x86_64.rpm
MD5: 4edd704768f5f6b71f89b786864ecf71
SHA-256: ac95255e88bb911aa1a7152bf032bff53a367647ef2ff562305b0d5558109ac5
Size: 628.85 kB - systemd-oomd-250-12.el9.3.ML.1.x86_64.rpm
MD5: 836db8fee2434293f01814ce1f6aa5e9
SHA-256: 9b8b5bf45ccc20e7c6e8c6a690cf39d69e7613ec5515c943e53eefc82c309e74
Size: 75.21 kB - systemd-pam-250-12.el9.3.ML.1.x86_64.rpm
MD5: edf0577a24a3638e0aee0f9b5f0a8fc9
SHA-256: 7db3751f7343eb8f9da731dc5c52a0b9c18f2f08e6ff914ec9c2ef89ed7a4ba5
Size: 254.07 kB - systemd-resolved-250-12.el9.3.ML.1.x86_64.rpm
MD5: 77f61c869cdec9e62d1e626955f605c9
SHA-256: 0a755bb0a2cfa31ed66155b3858231138e77c6e4c64a97edf112331abd97d055
Size: 336.37 kB - systemd-rpm-macros-250-12.el9.3.ML.1.noarch.rpm
MD5: c1aa635cb319832b1d8496121f085440
SHA-256: 9310f4452a1897db62b8954beb5cd883e62b07ebc0cb5762b1ac15c85f83d32d
Size: 39.05 kB - systemd-udev-250-12.el9.3.ML.1.x86_64.rpm
MD5: ab6ba7f4fa62f380415f4cb80bf2ce92
SHA-256: 6f5107adbdf8062494e261bb35ddecbff3b8219337ee3e93278117dec31c4394
Size: 1.51 MB
English