rpm-4.14.3-28.el8_9
Errata ID: AXSA:2024-7498:02
Release date:
2024/02/02 Friday - 18:11
Title:
rpm-4.14.3-28.el8_9
Affected channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
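The following issues have been addressed.
[Security Fix]
- RPM does not correctly check permissions when the installation target directory is a symbolic link, which allows a local attacker to escalate privileges. (CVE-2021-35937)
- RPM mishandles the setting of access permissions after a file has been installed, which allows a local attacker to escalate privileges by replacing a symbolic link to the installed file with a symbolic link to another critical file. (CVE-2021-35938)
- RPM checks the permissions of only the parent directory of the file being installed, which allows a local attacker to escalate privileges through the installation of a file into a directory that was created as a symbolic link. (CVE-2021-35939)
Solution:
Update the packages.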
CVE:
CVE-2021-35937
A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2021-35938
A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2021-35939
It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
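The descriptions above come down to path-based checks and permission changes that a symbolic link can redirect. The following C code is an added example, not rpm's patch and not code from this advisory: it shows the defensive pattern of verifying every ancestor directory and setting the mode through a file descriptor. The helper names `open_dir_nofollow` and `install_file` are hypothetical, and the example assumes Linux/POSIX.1-2008.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helpers (not rpm's code). Simplification: every symlinked
 * path component is rejected, whoever owns it. */

/* Open directory `path` one component at a time so that no ancestor, not
 * just the immediate parent, can be a symbolic link. Returns fd or -1. */
int open_dir_nofollow(const char *path)
{
    char buf[PATH_MAX];
    int n = snprintf(buf, sizeof buf, "%s", path);
    if (n < 0 || (size_t)n >= sizeof buf) { errno = ENAMETOOLONG; return -1; }

    int fd = open(path[0] == '/' ? "/" : ".", O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    char *save = NULL;
    for (char *c = strtok_r(buf, "/", &save); fd >= 0 && c;
         c = strtok_r(NULL, "/", &save)) {
        /* Each openat() names exactly one component, and O_NOFOLLOW makes
         * it fail if that component is a symlink. ".." is refused too. */
        int next = strcmp(c, "..") ? openat(fd, c, O_RDONLY | O_DIRECTORY |
                                            O_NOFOLLOW | O_CLOEXEC) : -1;
        int saved = errno;
        close(fd);
        errno = saved;
        fd = next;
    }
    return fd;
}

/* Create `name` in the verified directory and set its final mode through
 * the descriptor: fchmod() acts on the inode that was opened, so replacing
 * the path with a symlink afterwards cannot redirect the change. */
int install_file(int dirfd, const char *name, const void *data, size_t len,
                 mode_t mode)
{
    int fd = openat(dirfd, name,
                    O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0) return -1;
    int ok = write(fd, data, len) == (ssize_t)len && fchmod(fd, mode) == 0;
    close(fd);
    return ok ? 0 : -1;
}
```
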
Additional information:
N/A
Downloads:
SRPMS
- rpm-4.14.3-28.el8_9.src.rpm
Size: 5.02 MB
Asianux Server 8 for x86_64
- python3-rpm-4.14.3-28.el8_9.x86_64.rpm
Size: 154.08 kB
- rpm-4.14.3-28.el8_9.x86_64.rpm
Size: 543.02 kB
- rpm-apidocs-4.14.3-28.el8_9.noarch.rpm
Size: 1.76 MB
- rpm-build-4.14.3-28.el8_9.x86_64.rpm
Size: 173.27 kB
- rpm-build-libs-4.14.3-28.el8_9.i686.rpm
Size: 166.04 kB
- rpm-build-libs-4.14.3-28.el8_9.x86_64.rpm
Size: 156.19 kB
- rpm-cron-4.14.3-28.el8_9.noarch.rpm
Size: 72.29 kB
- rpm-devel-4.14.3-28.el8_9.i686.rpm
Size: 142.73 kB
- rpm-devel-4.14.3-28.el8_9.x86_64.rpm
Size: 142.89 kB
- rpm-libs-4.14.3-28.el8_9.i686.rpm
Size: 377.05 kB
- rpm-libs-4.14.3-28.el8_9.x86_64.rpm
Size: 346.58 kB
- rpm-plugin-fapolicyd-4.14.3-28.el8_9.x86_64.rpm
Size: 78.27 kB
- rpm-plugin-ima-4.14.3-28.el8_9.x86_64.rpm
Size: 76.09 kB
- rpm-plugin-prioreset-4.14.3-28.el8_9.x86_64.rpm
Size: 75.98 kB
- rpm-plugin-selinux-4.14.3-28.el8_9.x86_64.rpm
Size: 76.98 kB
- rpm-plugin-syslog-4.14.3-28.el8_9.x86_64.rpm
Size: 76.49 kB
- rpm-plugin-systemd-inhibit-4.14.3-28.el8_9.x86_64.rpm
Size: 78.08 kB
- rpm-sign-4.14.3-28.el8_9.x86_64.rpm
Size: 80.57 kB