wayland-1.21.0-1.el8
Errata ID: AXSA:2023-5915:03
Release date:
2023/06/08 Thursday - 07:02
Title:
wayland-1.21.0-1.el8
Affected channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
The following items have been addressed.
[Security Fix]
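- On LP64 systems, the internal reference count for buffers is held on the buffer pool as an int and can therefore overflow. This vulnerability allows an attacker to cause a use-after-free by creating a large number of wl_shm buffer objects on the client, or by creating a large number of external references to the buffer storage on the server. (CVE-2021-3782)
Solution:
Update the packages.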
CVE:
CVE-2021-3782
An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large number of wl_shm buffer objects, or if it can coerce the server to create a large number of external references to the buffer storage. With the reference count overflowing, a use-after-free can be constructed on the wl_shm_pool tracking structure, where values may be incremented or decremented; it may also be possible to construct a limited oracle to leak 4 bytes of server-side memory to the attacking client at a time.
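An added illustration of the defect class the CVE text describes, not code from Wayland or from this advisory: a hypothetical `struct pool` with a 32-bit counter, shown with an unchecked increment that wraps and a checked one that refuses the reference. The names, the constructed starting values and the ceiling check are assumptions and do not represent the fix shipped in the updated package.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical pool model, not the libwayland wl_shm_pool structure.
 * uint32_t stands in for the 32-bit int so the wrap is defined in C. */
struct pool { uint32_t refcount; bool freed; };

/* Unchecked: every new reference increments with no upper bound. */
static void ref_unchecked(struct pool *p) { p->refcount++; }

/* Checked: refuse at the ceiling so the caller fails object creation. */
static bool ref_checked(struct pool *p)
{
    if (p->refcount >= (uint32_t)INT_MAX)
        return false;
    p->refcount++;
    return true;
}

static void unref(struct pool *p)
{
    if (--p->refcount == 0)
        p->freed = true;   /* real code would release the pool here */
}

/* Constructed state just below the wrap point. True when the pool is
 * released while holders remain (holders is the true 64-bit count). */
static bool demo_unchecked(void)
{
    struct pool p = { .refcount = UINT32_MAX - 1, .freed = false };
    uint64_t holders = p.refcount;
    for (int i = 0; i < 3; i++) { ref_unchecked(&p); holders++; }
    unref(&p); holders--;  /* counter goes 1 -> 0 after the wrap */
    return p.freed && holders > 0;
}

/* True when the extra reference is refused and nothing is freed. */
static bool demo_checked(void)
{
    struct pool p = { .refcount = (uint32_t)INT_MAX - 1, .freed = false };
    bool first = ref_checked(&p);    /* reaches the ceiling */
    bool second = ref_checked(&p);   /* refused */
    unref(&p);
    return first && !second && !p.freed;
}

int main(void) { printf("%d %d\n", demo_unchecked(), demo_checked()); return 0; }
```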
Additional information:
N/A
Downloads:
SRPMS
- wayland-1.21.0-1.el8.src.rpm
Size: 238.35 kB
Asianux Server 8 for x86_64
- libwayland-client-1.21.0-1.el8.i686.rpm
Size: 40.14 kB
- libwayland-client-1.21.0-1.el8.x86_64.rpm
Size: 39.61 kB
- libwayland-cursor-1.21.0-1.el8.i686.rpm
Size: 25.51 kB
- libwayland-cursor-1.21.0-1.el8.x86_64.rpm
Size: 24.81 kB
- libwayland-egl-1.21.0-1.el8.i686.rpm
Size: 18.60 kB
- libwayland-egl-1.21.0-1.el8.x86_64.rpm
Size: 18.47 kB
- libwayland-server-1.21.0-1.el8.i686.rpm
Size: 48.97 kB
- libwayland-server-1.21.0-1.el8.x86_64.rpm
Size: 47.48 kB
- wayland-devel-1.21.0-1.el8.i686.rpm
Size: 156.14 kB
- wayland-devel-1.21.0-1.el8.x86_64.rpm
Size: 154.59 kB