curl-7.61.1-34.el8_10.2
エラータID: AXSA:2024-8797:06
リリース日:
2024/09/09 Monday - 16:33
題名:
curl-7.61.1-34.el8_10.2
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- libcurl の HTTP/2 機能には、プッシュ処理時のヘッダーサイズ
が最大許容量を超過した場合のメモリ領域の解放処理が欠落して
いることに起因したメモリリークの問題があるため、リモート
の攻撃者により、サービス拒否攻撃 (メモリ枯渇) を可能とする
脆弱性が存在します。(CVE-2024-2398)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-2398
When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application.
When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application.
追加情報:
N/A
ダウンロード:
SRPMS
- curl-7.61.1-34.el8_10.2.src.rpm
MD5: 314f1dc828e7887612c2c2390b790499
SHA-256: 98382361467a8d33c6e9492e82dfe66b54bba317feb72539b51f14effa0d4fa3
Size: 2.50 MB
Asianux Server 8 for x86_64
- curl-7.61.1-34.el8_10.2.x86_64.rpm
MD5: 13e47696925492182b542f423b3b3407
SHA-256: 55633a35593e8cff154f7b5562fe119907ea385f469916b67730933108cf65d8
Size: 352.61 kB - libcurl-7.61.1-34.el8_10.2.i686.rpm
MD5: 45403949fd3c5c6785278826f9e997b9
SHA-256: c43d1bffca09499b969c0ff8abb853e19c242d12e70d0aa3a3d99e7f81898f3e
Size: 330.79 kB - libcurl-7.61.1-34.el8_10.2.x86_64.rpm
MD5: d3e5bc7109c3c43486a3d6f898ea518c
SHA-256: 343299419617131863c56532fb0df92acb57d5e2cff27813c3bfd947e2f6bc58
Size: 302.89 kB - libcurl-devel-7.61.1-34.el8_10.2.i686.rpm
MD5: 40540dd1599f128496758d6a7e78ed4f
SHA-256: 2640c2e6a0863d17015307818b734fef075d70ad64de71ee893cbd6006bf3b9b
Size: 834.87 kB - libcurl-devel-7.61.1-34.el8_10.2.x86_64.rpm
MD5: f644c103518333bdb625ef6ed16e73b8
SHA-256: b1051f1817c948074530becfccf45a72e3e687253f265029d4a6d41f72c7ee9d
Size: 834.82 kB - libcurl-minimal-7.61.1-34.el8_10.2.i686.rpm
MD5: 9766154c9c58e72dacfaefb5ac0e6350
SHA-256: 9f6a57782910ef8b1e979779a9ca642ea116fcb4f340a15735a6cc5496d6fcb6
Size: 315.90 kB - libcurl-minimal-7.61.1-34.el8_10.2.x86_64.rpm
MD5: 153979b78bb8900c934481ea8baff0de
SHA-256: dc2829507414698ed1ef67b11921e93210f91adc62455776bf8aa667b04451d7
Size: 289.11 kB