pcs-0.10.18-2.el8_10.1.ML.1
エラータID: AXSA:2024-8703:04
リリース日:
2024/08/26 Monday - 11:07
題名:
pcs-0.10.18-2.el8_10.1.ML.1
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Low
Description:
以下項目について対処しました。
[Security Fix]
- ruby の REXML には、大量の '<' が属性値に含まれるときサービス
拒否状態を起こす問題があるため、リモートの攻撃者により、巧妙
に細工された信頼できないXMLを介して、サービス拒否攻撃を可能
とする脆弱性が存在します。(CVE-2024-35176)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-35176
REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many `<`s in an attribute value. Those who need to parse untrusted XMLs may be impacted to this vulnerability. The REXML gem 3.2.7 or later include the patch to fix this vulnerability. As a workaround, don't parse untrusted XMLs.
REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many `<`s in an attribute value. Those who need to parse untrusted XMLs may be impacted to this vulnerability. The REXML gem 3.2.7 or later include the patch to fix this vulnerability. As a workaround, don't parse untrusted XMLs.
追加情報:
N/A
ダウンロード:
SRPMS
- pcs-0.10.18-2.el8_10.1.ML.1.src.rpm
MD5: fc3bea4ab473d18a0bc1eb39ea75f234
SHA-256: b68d6ca3c81ed0e15b16337dc9f1f69450b6d990e1c4d21e22871d9c3b08b436
Size: 5.16 MB
Asianux Server 8 for x86_64
- pcs-0.10.18-2.el8_10.1.ML.1.x86_64.rpm
MD5: 0decfab7d27ab1bdce52b84fc91a1cac
SHA-256: abff704ab92ead1d94b4d5d5b09a2eb9b60f38481ff7d459942d5a8278bc39a5
Size: 4.11 MB - pcs-snmp-0.10.18-2.el8_10.1.ML.1.x86_64.rpm
MD5: 3839db1c36de7179142a8e60dd4dd687
SHA-256: d42d91c0772bfcf47f2ef9441eeb96501fa4aff1750a4dcfdf246c4b75316506
Size: 80.73 kB
English