tuned-2.22.1-5.el8_10.ML.1
Errata ID: AXSA:2024-9510:07
Release date:
2024/12/26 Thursday - 11:53
Title:
tuned-2.22.1-5.el8_10.ML.1
Affected channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
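The following issue has been addressed.
[Security Fix]
- Tuned does not properly sanitize API arguments. This vulnerability allows a local attacker to tamper with log messages by specifying a crafted string in an API argument. (CVE-2024-52337)
Solution:
Update the packages.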
CVE:
CVE-2024-52337
A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick the administrator. The quotes '' are usually used in TuneD logs citing raw user input, so there will always be the ' character ending the spoofed input, and the administrator can easily overlook this. This logged string is later used in logging and in the output of utilities, for example, `tuned-adm get_instances` or other third-party programs that use Tuned's D-Bus interface for such operations.
Additional information:
N/A
Download:
SRPMS
- tuned-2.22.1-5.el8_10.ML.1.src.rpm
MD5: d8a2e0c81d8afcacd0fcee7b07976442
SHA-256: 24a4aeb9434f0d305990543214ad8fe1795c8a0f46b7df4bfda7823993dd3daa
Size: 309.86 kB
Asianux Server 8 for x86_64
- tuned-2.22.1-5.el8_10.ML.1.noarch.rpm
MD5: 1c9d30c428e63410ef120ffd5f2b7ee7
SHA-256: 0569b483b9626bc154c1b959a1f7647817c47b705f9ba250e307590c9abb9fdd
Size: 366.66 kB
- tuned-gtk-2.22.1-5.el8_10.ML.1.noarch.rpm
MD5: dc0df58fe436c3eb0704b6bd398f7f42
SHA-256: 54cf714247b198f913647337895c973b5bc72cb8d8965dc588a67c5c8bf2d2d0
Size: 66.96 kB
- tuned-profiles-atomic-2.22.1-5.el8_10.ML.1.noarch.rpm
MD5: b7d6a321eaf0c099423039627733ca27
SHA-256: ad96c3eb719db95d30c9a8441f841f002a7b5913d6ec1806d38593ae2c2ee438
Size: 41.53 kB
- tuned-profiles-compat-2.22.1-5.el8_10.ML.1.noarch.rpm
MD5: 706c4c52dd33759ec8858ad6c71f2fdd
SHA-256: 37e85d25579b508c5d0f8ec475ad6e11c1baa0f30895e9127b9d42ae900c634f
Size: 44.86 kB
- tuned-profiles-cpu-partitioning-2.22.1-5.el8_10.ML.1.noarch.rpm
MD5: a14418c4d393767b718b069a7d96fe24
SHA-256: 4625645047ec7614e7566bf6ab547c0e69277a99276c674b7605dd8bedfd0772
Size: 45.77 kB
- tuned-profiles-mssql-2.22.1-5.el8_10.ML.1.noarch.rpm
MD5: f66e1133e637b401cbf48f07ac1a0204
SHA-256: 2a427639ff2c7643c3740032f5224df3c096d9872e2ec66cbfb5a8f1f18b0ee2
Size: 41.24 kB
- tuned-profiles-oracle-2.22.1-5.el8_10.ML.1.noarch.rpm
MD5: a6fb9ef7e0ffc7175fceca78364b881e
SHA-256: 427b27047fc1ffab073380af847d5ab73f5eed2178611714b633225fda0baeb3
Size: 41.31 kB
- tuned-profiles-postgresql-2.22.1-5.el8_10.ML.1.noarch.rpm
MD5: 5c2851641aa64964c7ccd7b4c4af6cf0
SHA-256: 6fb522b8f91d3a08ac6c65ff851d8746353dea23cb6bf022c778e54f2db7ff30
Size: 42.04 kB
- tuned-profiles-realtime-2.22.1-5.el8_10.ML.1.noarch.rpm
MD5: 717a75a702c4d9fc495d79f7ff285495
SHA-256: 275e3a58d09d68956a9fbbc98aaebe6ad7f309b3292725674301389b9716f472
Size: 42.90 kB
- tuned-utils-2.22.1-5.el8_10.ML.1.noarch.rpm
MD5: 8ebc6cb9f468b6faae0ff6fd15c94f68
SHA-256: 91e2084f2568c8b28ceb58b7bd8f457c2de40fd240ea4d704d9869755ce5fb03
Size: 51.23 kB
- tuned-utils-systemtap-2.22.1-5.el8_10.ML.1.noarch.rpm
MD5: f76b08e1f32b79d78c2a1962c482dd60
SHA-256: 5133bbab8de493a8f520ab23d8cc5048155b788e44ed530cf29204527882d2db
Size: 56.18 kB