librsvg2-2.50.7-1.el9.1
エラータID: AXSA:2023-6396:01
リリース日:
2023/09/19 Tuesday - 12:43
題名:
librsvg2-2.50.7-1.el9.1
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- librsvg2 の URL デコーダーには、ディレクトリトラバーサルの問題
があるため、リモートの攻撃者により、細工された xi:include 要素内
のデータを介して、情報の漏洩を可能とする脆弱性が存在します。
(CVE-2023-38633)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2023-38633
A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.
A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.
追加情報:
N/A
ダウンロード:
SRPMS
- librsvg2-2.50.7-1.el9.1.src.rpm
MD5: 811a6b31b675ce20958eada97d3d89be
SHA-256: 0bf29d22214384e2b5080fc8fe15cf5a3b79c9bd084860a762251bf673d684b0
Size: 21.22 MB
Asianux Server 9 for x86_64
- librsvg2-2.50.7-1.el9.1.i686.rpm
MD5: 0b6d92080723ab57a226b5d2d45a5a8f
SHA-256: 16aec34da38581f2ae77d0d082005bed515031d3fc3508fc90afe0748ec7fe35
Size: 3.37 MB - librsvg2-2.50.7-1.el9.1.x86_64.rpm
MD5: 402165bed3471f0cdb5abd9e30e667eb
SHA-256: e5deb7860e60eaee312225bfea27c9b79268e855aa2e6e8c133c1730f82ae174
Size: 3.26 MB - librsvg2-devel-2.50.7-1.el9.1.i686.rpm
MD5: a1a527d1c4abbed05570207a969b3d74
SHA-256: a35e503d9b9c4f432c5c345d83db019692162c10af42bda97c1dc0d3ac97a0a2
Size: 52.20 kB - librsvg2-devel-2.50.7-1.el9.1.x86_64.rpm
MD5: ae598419448cb468c5f9f91d3ed22c4b
SHA-256: 7a963e0380a9d000947a0ff01e9eebc4bf2008926cdfdbd69bd2df4a1fd653c2
Size: 52.19 kB - librsvg2-tools-2.50.7-1.el9.1.x86_64.rpm
MD5: 461f7915911826e820d523054f95b073
SHA-256: 16e0f1136dae4059a8be67b1bb773bcf5cfd9d5fbd4c4efb66ef5b425beb4378
Size: 17.58 kB
English