rpm-4.16.1.3-27.el9_3
Errata ID: AXSA:2024-7473:01
Release date:
2024/01/29 Monday - 19:20
Title:
rpm-4.16.1.3-27.el9_3
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
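The following issues have been addressed.
[Security Fix]
- RPM has a flaw in its permission check when the installation target directory is a symbolic link, which allows a local attacker to escalate privileges. (CVE-2021-35937)
- RPM has a flaw in how it sets access permissions after installing a file, which allows a local attacker to escalate privileges by replacing a symbolic link to the installed file with a symbolic link to another critical file. (CVE-2021-35938)
- RPM checks only the permissions of the parent directory of the file being installed, which allows a local attacker to escalate privileges by having a file installed into a directory that was created as a symbolic link. (CVE-2021-35939)
Solution:
Update the packages.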
CVE:
CVE-2021-35937
A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2021-35938
A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2021-35939
It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Additional information:
N/A
Downloads:
SRPMS
- rpm-4.16.1.3-27.el9_3.src.rpm
Size: 4.26 MB
Asianux Server 9 for x86_64
- python3-rpm-4.16.1.3-27.el9_3.x86_64.rpm
Size: 63.96 kB
- rpm-4.16.1.3-27.el9_3.x86_64.rpm
Size: 520.93 kB
- rpm-apidocs-4.16.1.3-27.el9_3.noarch.rpm
Size: 1.04 MB
- rpm-build-4.16.1.3-27.el9_3.x86_64.rpm
Size: 68.36 kB
- rpm-build-libs-4.16.1.3-27.el9_3.i686.rpm
Size: 95.14 kB
- rpm-build-libs-4.16.1.3-27.el9_3.x86_64.rpm
Size: 87.45 kB
- rpm-cron-4.16.1.3-27.el9_3.noarch.rpm
Size: 9.58 kB
- rpm-devel-4.16.1.3-27.el9_3.i686.rpm
Size: 87.31 kB
- rpm-devel-4.16.1.3-27.el9_3.x86_64.rpm
Size: 87.45 kB
- rpm-libs-4.16.1.3-27.el9_3.i686.rpm
Size: 338.17 kB
- rpm-libs-4.16.1.3-27.el9_3.x86_64.rpm
Size: 306.53 kB
- rpm-plugin-audit-4.16.1.3-27.el9_3.x86_64.rpm
Size: 14.53 kB
- rpm-plugin-fapolicyd-4.16.1.3-27.el9_3.x86_64.rpm
Size: 15.17 kB
- rpm-plugin-ima-4.16.1.3-27.el9_3.x86_64.rpm
Size: 13.90 kB
- rpm-plugin-selinux-4.16.1.3-27.el9_3.x86_64.rpm
Size: 15.03 kB
- rpm-plugin-syslog-4.16.1.3-27.el9_3.x86_64.rpm
Size: 13.96 kB
- rpm-plugin-systemd-inhibit-4.16.1.3-27.el9_3.x86_64.rpm
Size: 15.00 kB
- rpm-sign-4.16.1.3-27.el9_3.x86_64.rpm
Size: 16.80 kB
- rpm-sign-libs-4.16.1.3-27.el9_3.i686.rpm
Size: 19.54 kB
- rpm-sign-libs-4.16.1.3-27.el9_3.x86_64.rpm
Size: 19.23 kB