rpm-4.8.0-19.1.0.1.AXS4
Errata ID: AXSA:2012-489:02
Release date:
2012/04/13 Friday - 14:52
Title:
rpm-4.8.0-19.1.0.1.AXS4
Affected channels:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
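The following issues have been addressed.
[Security Fix]
- RPM does not properly validate region tags. An invalid region tag in a package header may allow a remote attacker to cause a denial of service (crash) or execute arbitrary code. (CVE-2012-0060)
- The headerLoad function in lib/header.c in RPM does not properly validate region tags. A large region size in a package header allows a remote attacker to cause a denial of service (crash) or execute arbitrary code. (CVE-2012-0061)
- The headerVerifyInfo function in lib/header.c in RPM has a vulnerability in which a negative value in a region offset of a package header may allow a remote attacker to cause a denial of service (crash) or execute arbitrary code. (CVE-2012-0815)
Some of the CVE translations are quoted from JVN.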
http://jvndb.jvn.jp
Solution:
Update the packages.
CVE:
CVE-2012-0060
RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function.
CVE-2012-0061
The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large region size in a package header.
CVE-2012-0815
The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison.
Additional information:
N/A
Download:
SRPMS
- rpm-4.8.0-19.1.0.1.AXS4.src.rpm
MD5: 3b9205f5862c9f0b6d96d68a35dd7cea
SHA-256: 8aa5a16258ff08e5375780406d93ff031931b03e256a8748f227c836558f780e
Size: 3.59 MB
Asianux Server 4 for x86
- rpm-4.8.0-19.1.0.1.AXS4.i686.rpm
MD5: c859b28682f42e2eea5741695e3d8d80
SHA-256: 2c4e5ed28e617f23a474ffa1908be77b2e5a00d9a6c02c4b8cc66aac18014004
Size: 896.95 kB
- rpm-build-4.8.0-19.1.0.1.AXS4.i686.rpm
MD5: 172bc0ebbec5a0a93cbc77907b691e80
SHA-256: 64e800afc0c1e4ab09e456a57d6891948e57437b34032d929f26e2434bf42732
Size: 124.64 kB
- rpm-devel-4.8.0-19.1.0.1.AXS4.i686.rpm
MD5: 0b6a26b165cd1848dc13a01951e5da48
SHA-256: 049d33c243fd4e536224921d10a44c36d2b4cbe42ad2a1ade6514818074828de
Size: 89.69 kB
- rpm-libs-4.8.0-19.1.0.1.AXS4.i686.rpm
MD5: 6164c50cf46806d15d6d2ae36f5112ab
SHA-256: 43f1031232e011bb1afbac44c4918cc4b1ddfe2650cf2be0679fd9e2f90753a6
Size: 311.11 kB
- rpm-python-4.8.0-19.1.0.1.AXS4.i686.rpm
MD5: 54d39c40e5c37f3e806f2c632abdfd52
SHA-256: ab7ff1c28d2556cb40fb2882d1375a0f808fac265d515de65cd1f7e9bedd84fc
Size: 52.02 kB
Asianux Server 4 for x86_64
- rpm-4.8.0-19.1.0.1.AXS4.x86_64.rpm
MD5: 14cc1a486565466b8f1e5c313f804389
SHA-256: bc30b3c04b9d83980bd460e36671b58c7a1e1006ff75c3fd26844ffb2196debe
Size: 897.59 kB
- rpm-build-4.8.0-19.1.0.1.AXS4.x86_64.rpm
MD5: 1f0c24f05d4104d256a1078185adf51f
SHA-256: 6eaf6b3f1b1846f2c890a2afc238f57d5af3a765828453776a952860ccf434ce
Size: 123.36 kB
- rpm-devel-4.8.0-19.1.0.1.AXS4.x86_64.rpm
MD5: 5e4e65025a90fa3d9fec63c71a2113a2
SHA-256: 78e75375491af2a74d6f85f1c8dcc0f65a19cdb3859d7b3d126af72e4dbea1db
Size: 89.55 kB
- rpm-libs-4.8.0-19.1.0.1.AXS4.x86_64.rpm
MD5: bb4f06f766fcb20c8b52d93e00b12793
SHA-256: 81134bca9ffc79888f189e72970b513100aec1e21a7bea84ca55564104b0f574
Size: 308.06 kB
- rpm-python-4.8.0-19.1.0.1.AXS4.x86_64.rpm
MD5: 9cc006aba22353bc1526c10a45cb460e
SHA-256: 436cff713aeeadedf8f7e6e2edcf1d6ffe2fb9ab9adebd9bdc20aee1a1fca724
Size: 52.75 kB
- rpm-devel-4.8.0-19.1.0.1.AXS4.i686.rpm
MD5: 0b6a26b165cd1848dc13a01951e5da48
SHA-256: 049d33c243fd4e536224921d10a44c36d2b4cbe42ad2a1ade6514818074828de
Size: 89.69 kB
- rpm-libs-4.8.0-19.1.0.1.AXS4.i686.rpm
MD5: 6164c50cf46806d15d6d2ae36f5112ab
SHA-256: 43f1031232e011bb1afbac44c4918cc4b1ddfe2650cf2be0679fd9e2f90753a6
Size: 311.11 kB