spice-gtk-0.11-11.AXS4.1
エラータID: AXSA:2012-921:03
リリース日:
2012/09/20 Thursday - 13:59
題名:
spice-gtk-0.11-11.AXS4.1
影響のあるチャネル:
Asianux Server 4 for x86
Asianux Server 4 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- libgo には spice-gtk で setuid あるいは他の特権プログラムで使用されている場合,DBUS_SYSTEM_BUS_ADDRESS 環境変数によって,ローカルのユーザが権限を得たり,任意のコードを実行する脆弱性があります。(CVE-2012-4425)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2012-4425
libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do not cleanse environment variables, not in libgio itself.
libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do not cleanse environment variables, not in libgio itself.
追加情報:
N/A
ダウンロード:
SRPMS
- spice-gtk-0.11-11.AXS4.1.src.rpm
MD5: ab138b66afc0c973c59f8dd15024d8f7
SHA-256: 54a05506558353949d613aa7a61a6acf43f9ec69e0d2bbcee223e8f93e5c3274
Size: 957.86 kB
Asianux Server 4 for x86
- spice-glib-0.11-11.AXS4.1.i686.rpm
MD5: f857f549b261af8c5fc3587eb821a796
SHA-256: c44a0542141d64ebe34cd66170bbdaba7789aeec6775900bf5bff222f7549e15
Size: 270.20 kB - spice-gtk-0.11-11.AXS4.1.i686.rpm
MD5: ca2b57b873a1e58f02990a68c399f1cf
SHA-256: 79ed01261afbc363a9155335253e76f7315f4348376679272f7222ef9b449034
Size: 47.09 kB - spice-gtk-python-0.11-11.AXS4.1.i686.rpm
MD5: f7e70eeda625f8c8fd0b06124ae36aa8
SHA-256: c5abd8c5cda21cc343b08065f8eff7efde420c18accd75725d611defb0810d5e
Size: 18.04 kB
Asianux Server 4 for x86_64
- spice-glib-0.11-11.AXS4.1.x86_64.rpm
MD5: 7897abc0336c9b1a3cde569a0a0cd168
SHA-256: 22f30d795067feb81012d840e181e6684c8aca55c6973d744121340ee8742641
Size: 265.80 kB - spice-gtk-0.11-11.AXS4.1.x86_64.rpm
MD5: 158c827e39ea895700a63ede8b03aebb
SHA-256: b04bf96425a3b5a2a4a9ec8ded0dbed94e54aa9f89c9c39a19cf5674e3005885
Size: 48.02 kB - spice-gtk-python-0.11-11.AXS4.1.x86_64.rpm
MD5: af2e84c29ad2a109ee7cd76f2d2e207b
SHA-256: 0d12c63ee4863f9f982cef84361965ed50c6473257cbc6daab22dde56b3975db
Size: 19.05 kB - spice-glib-0.11-11.AXS4.1.i686.rpm
MD5: f857f549b261af8c5fc3587eb821a796
SHA-256: c44a0542141d64ebe34cd66170bbdaba7789aeec6775900bf5bff222f7549e15
Size: 270.20 kB - spice-gtk-0.11-11.AXS4.1.i686.rpm
MD5: ca2b57b873a1e58f02990a68c399f1cf
SHA-256: 79ed01261afbc363a9155335253e76f7315f4348376679272f7222ef9b449034
Size: 47.09 kB