resource-agents-4.9.0-54.el8_10.33
Errata ID: AXSA:2026-602:05
Release date:
2026/05/12 Tuesday - 14:06
Title:
resource-agents-4.9.0-54.el8_10.33
Affected channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
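The following issues have been addressed.
[Security Fix]
- pyasn1 contains an issue in which recursive processing keeps being invoked without limit. As a result, a remote attacker can cause a denial of service (memory exhaustion) through decoding of ASN.1 data crafted to contain thousands of nested specific tags and markers. (CVE-2026-30922)
Solution:
Update the packages.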
CVE:
CVE-2026-30922
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousands of nested `SEQUENCE` (`0x30`) or `SET` (`0x31`) tags with "Indefinite Length" (`0x80`) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a `RecursionError` or consumes all available memory (OOM), crashing the host application. This is a distinct vulnerability from CVE-2026-23490 (which addressed integer overflows in OID decoding). The fix for CVE-2026-23490 (`MAX_OID_ARC_CONTINUATION_OCTETS`) does not mitigate this recursion issue. Version 0.6.3 fixes this specific issue.
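The nesting described above can be measured before any decoder sees the data. The following is an added example, not code from pyasn1 or from this erratum: a non-recursive walk over BER headers that rejects input nested deeper than a limit. The names `ber_max_depth`, `NestingTooDeep` and the value of `MAX_DEPTH` are assumptions chosen for illustration, and the check supplements the package update rather than replacing it.

```python
# Added example (not pyasn1 code): iterative BER nesting-depth pre-check.
MAX_DEPTH = 64  # assumed policy limit; tune it for the protocol being parsed


class NestingTooDeep(ValueError):
    """Raised when constructed values nest deeper than the allowed limit."""


def ber_max_depth(data: bytes, limit: int = MAX_DEPTH) -> int:
    """Walk BER TLV headers with an explicit stack; never recurses."""
    pos, deepest = 0, 0
    stack = []  # one entry per open constructed value: end offset, or None if indefinite
    while pos < len(data):
        # Close definite-length containers whose content has been consumed.
        while stack and stack[-1] is not None and pos >= stack[-1]:
            stack.pop()
        # End-of-contents octets (00 00) close the innermost indefinite container.
        if stack and stack[-1] is None and data[pos:pos + 2] == b"\x00\x00":
            stack.pop()
            pos += 2
            continue
        first = data[pos]
        pos += 1
        if first & 0x1F == 0x1F:  # high-tag-number form: skip continuation octets
            while pos < len(data) and data[pos] & 0x80:
                pos += 1
            pos += 1
        if pos >= len(data):
            raise ValueError("truncated header")
        length = data[pos]
        pos += 1
        indefinite = length == 0x80
        if length > 0x80:  # long form: the next (length & 0x7F) octets hold the length
            n = length & 0x7F
            if pos + n > len(data):
                raise ValueError("truncated length")
            length = int.from_bytes(data[pos:pos + n], "big")
            pos += n
        if first & 0x20:  # constructed: content is more TLVs, so descend one level
            stack.append(None if indefinite else pos + length)
            deepest = max(deepest, len(stack))
            if deepest > limit:
                raise NestingTooDeep(f"nesting exceeds {limit} levels")
        elif indefinite:
            raise ValueError("indefinite length on a primitive value")
        else:
            pos += length  # primitive: skip the content octets
    return deepest
```

Call `ber_max_depth()` on untrusted bytes first and hand them to the decoder only if it returns; the walk stops at the limit, so its cost is bounded regardless of how deep the input claims to be.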
Additional information:
N/A
Download:
SRPMS
- resource-agents-4.9.0-54.el8_10.33.src.rpm
MD5: 7d3d6b8d0af034a1dda82e576257b974
SHA-256: 17fbf4c4e10e7bb525946426fb1e894effe510600c1dbd712a104e0dfdffb6f4
Size: 95.68 MB
Asianux Server 8 for x86_64
- resource-agents-4.9.0-54.el8_10.33.x86_64.rpm
MD5: e9c9758e9a4090d225a79ad285d4ea76
SHA-256: e276d1e8774679b8947bef1007cfbdab22d05d9111be1c30dce168a4188a4b5b
Size: 553.01 kB
- resource-agents-aliyun-4.9.0-54.el8_10.33.x86_64.rpm
MD5: 39475d6aa54d426a3f433e2517a10dd1
SHA-256: d9d6813564901ddb9ce185216b7d5a4b8cf3b29fd24be268d996a3633b7de8d4
Size: 2.66 MB
- resource-agents-gcp-4.9.0-54.el8_10.33.x86_64.rpm
MD5: b483d016b7f5b2b95bc0de8fcdaaa791
SHA-256: 6ff62abc9c3a61cbee21e8de47e509ca80acb4e6060734fd2560336dcbd1b290
Size: 21.81 MB
- resource-agents-paf-4.9.0-54.el8_10.33.x86_64.rpm
MD5: 010addccf84ed94ee46b37396303f8d1
SHA-256: 959f12e03beb07920935f5e88ed5c27ebfcb184887b0f9838463d30d9f56a61e
Size: 78.05 kB