pcs-0.10.18-2.el8_10.6.ML.1
エラータID: AXSA:2025-10575:06
リリース日:
2025/07/24 Thursday - 09:45
題名:
pcs-0.10.18-2.el8_10.6.ML.1
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- REXML には、リモートの攻撃者により、16 進数値の参照文字である
"&#" と "x...;" の間に多数の数字が含まれるように細工された XML
形式のデータの解析を介して、正規表現サービス拒否攻撃を可能とする
脆弱性が存在します。(CVE-2024-49761)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-49761
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML gem 3.3.9 or later include the patch to fix the vulnerability.
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML gem 3.3.9 or later include the patch to fix the vulnerability.
追加情報:
N/A
ダウンロード:
SRPMS
- pcs-0.10.18-2.el8_10.6.ML.1.src.rpm
MD5: 91384e728aa955b27591200affeeaa86
SHA-256: 6575201d93b9f1fe630f8372c9d30fb2c886a51013932fdcc5e55420130be1cd
Size: 5.17 MB
Asianux Server 8 for x86_64
- pcs-0.10.18-2.el8_10.6.ML.1.x86_64.rpm
MD5: 01767a54b7cc25619ab8fffd9eea5063
SHA-256: 5d7055106f3344ffce87d503a8bcdbd8442e9d272c0259042fd895e856351ca1
Size: 4.11 MB - pcs-snmp-0.10.18-2.el8_10.6.ML.1.x86_64.rpm
MD5: 77ce590a32f5be6fa2602444c76ff45b
SHA-256: c9529c8427527b0fb0802c5b70021b27f101a8c8954a1279b8c7d62e9a8f0854
Size: 81.61 kB
English