pcs-0.10.18-2.el8_10.2.ML.1
エラータID: AXSA:2024-8811:05
リリース日:
2024/09/18 Wednesday - 17:07
題名:
pcs-0.10.18-2.el8_10.2.ML.1
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- REXML には、空白文字、'>]'、']>' などの特定の文字を多く含む
XML 形式のデータの解析処理に問題があるため、リモートの
攻撃者により、細工された XML 形式のデータの処理を介して、
サービス拒否攻撃を可能とする脆弱性が存在します。
(CVE-2024-41123)
- REXML には、SAX2 もしくはプルパーサー API を用い XML
形式のデータの解析処理に問題があるため、ローカルの攻撃者
により、多数のエンティティ拡張を含むように細工された XML
形式のデータの解析を介して、サービス拒否攻撃を可能とする
脆弱性が存在します。(CVE-2024-41946)
- REXML には、リモートの攻撃者により、同じローカル名属性
を持つ多数の要素を含むように細工された XML 形式のデータ
の解析を介して、サービス拒否攻撃を可能とする脆弱性が存在
します。(CVE-2024-43398)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-41123
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, `>]` and `]>`. The REXML gem 3.3.3 or later include the patches to fix these vulnerabilities.
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, `>]` and `]>`. The REXML gem 3.3.3 or later include the patches to fix these vulnerabilities.
CVE-2024-41946
REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability.
REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability.
CVE-2024-43398
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to this vulnerability. If you use other parser APIs such as stream parser API and SAX2 parser API, this vulnerability is not affected. The REXML gem 3.3.6 or later include the patch to fix the vulnerability.
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to this vulnerability. If you use other parser APIs such as stream parser API and SAX2 parser API, this vulnerability is not affected. The REXML gem 3.3.6 or later include the patch to fix the vulnerability.
追加情報:
N/A
ダウンロード:
SRPMS
- pcs-0.10.18-2.el8_10.2.ML.1.src.rpm
MD5: d11ed3e1a094f661421858919cb82f80
SHA-256: 2710091b1911a698fbedf598b041f2121ec099ccef83393d67874e43d534ebc1
Size: 5.16 MB
Asianux Server 8 for x86_64
- pcs-0.10.18-2.el8_10.2.ML.1.x86_64.rpm
MD5: cb1ab77a9a9de3ef18fc20b840f02421
SHA-256: 57a2885a67906894769cf0d801c378e3a2d2d86645969800b93ba75dbde5ae9a
Size: 4.11 MB - pcs-snmp-0.10.18-2.el8_10.2.ML.1.x86_64.rpm
MD5: 8625c90608f66a984f52a38c61604de3
SHA-256: d03060adf8e7e4ccc204c7d174217b14ddcfe26ad4cccb54f8ecefed6342868a
Size: 80.94 kB
English