golang-github-cpuguy83-md2man-2.0.2-4.el9
Errata ID: AXSA:2023-5357:01
Release date:
2023/05/16 Tuesday - 07:13
Title:
golang-github-cpuguy83-md2man-2.0.2-4.el9
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
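The following issues have been addressed.
[Security Fix]
- The golang regexp module consumes a large amount of memory when
compiling regular expressions supplied by untrusted sources. This
allows a remote attacker to cause memory exhaustion, and a resulting
denial of service, via crafted regular expression input.
(CVE-2022-41715)
Solution:
Update the packages.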
CVE:
CVE-2022-41715
Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected.
Additional information:
N/A
Downloads:
SRPMS
- golang-github-cpuguy83-md2man-2.0.2-4.el9.src.rpm
MD5: 61c4b1a1173b3ebd66265c3e49876447
SHA-256: 66bcd9b91401994662512c12e5697e207e331a6aabd9c33b0049c2e6dad6c464
Size: 75.35 kB
Asianux Server 9 for x86_64
- golang-github-cpuguy83-md2man-2.0.2-4.el9.x86_64.rpm
MD5: 39b04c0ac6ac94844914132ef01f1b83
SHA-256: 73486693f6ebbf28e23aecaacaa5f58cb86beee3c4f8152438033fd7a30e38bb
Size: 750.92 kB