dbus-1.2.24-7.AXS4
Errata ID: AXSA:2012-954:01
Release date:
2012/12/10 Monday - 15:18
Title:
dbus-1.2.24-7.AXS4
Affected channels:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
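The following issues have been addressed.
[Security Fix]
- libdbus, when used in setuid or otherwise privileged programs in X.org and possibly other products, contains a vulnerability that allows local users to gain privileges or execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable.
Note: the libdbus maintainers state that this is a vulnerability in applications that do not clean their environment variables, not in libdbus itself: "We do not support use of libdbus in setuid binaries that do not sanitize their environment before their first call into libdbus." (CVE-2012-3524)
Some of the CVE translations are quoted from JVN.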
http://jvndb.jvn.jp/
Solution:
Update the packages.
CVE:
CVE-2012-3524
libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the applications that do not cleanse environment variables, not in libdbus itself: "we do not support use of libdbus in setuid binaries that do not sanitize their environment before their first call into libdbus."
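The maintainers' note above puts the burden on the privileged program to clean its environment before its first libdbus call. A sketch of that cleanup in C, added here as an illustration (not code from libdbus or Asianux): the function names are hypothetical, and removing every `DBUS_`-prefixed variable rather than only `DBUS_SYSTEM_BUS_ADDRESS` is an assumption of this example.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* strndup, setenv, unsetenv */
#endif
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

extern char **environ;
/* Nonzero when real and effective IDs differ (setuid/setgid start). */
int running_with_elevated_ids(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Remove every variable named DBUS_*; returns count removed, -1 on error. */
int scrub_dbus_env(void)
{
    int removed = 0;
    size_t i = 0;
    while (environ != NULL && environ[i] != NULL) {
        const char *entry = environ[i];
        const char *eq = strchr(entry, '=');
        if (eq != NULL && strncmp(entry, "DBUS_", 5) == 0) {
            char *name = strndup(entry, (size_t)(eq - entry));
            if (name == NULL)
                return -1;
            int rc = unsetenv(name);
            free(name);
            if (rc != 0)
                return -1;
            removed++;
            continue;          /* later entries shifted down: re-check slot i */
        }
        i++;
    }
    return removed;
}

/* Call before the first libdbus call; the caller must exit on -1. */
int sanitize_before_libdbus(void)
{
    return running_with_elevated_ids() ? scrub_dbus_env() : 0;
}

int main(void)
{
    /* Fail closed: never reach libdbus with an unsanitized environment. */
    return sanitize_before_libdbus() < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
}
```

A privileged program would normally go further and rebuild its whole environment from an allowlist; this example narrows the cleanup to the variables relevant to this advisory.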
Additional information:
N/A
Download:
SRPMS
- dbus-1.2.24-7.AXS4.src.rpm
MD5: 3838169c12cdf7fc294c9a28ae26a029
SHA-256: 5143a75839fc44c7b7d7196023bb23d3795018a4e0447b9792f423672b3f76e1
Size: 1.64 MB
Asianux Server 4 for x86
- dbus-1.2.24-7.AXS4.i686.rpm
MD5: 14d4acf0fd08b39e2c0891b3ff57c3e0
SHA-256: 06ca920dfe1c82a908f7223c7927cd3bbda541e3c315696b058983bdf8d474f8
Size: 210.53 kB
- dbus-devel-1.2.24-7.AXS4.i686.rpm
MD5: 91d33fe95fa3b999a997d48c81056456
SHA-256: 140be6eb1e4d85b25d12bd24283e5cd54c14f3a1effedd83ba80330de146f968
Size: 45.93 kB
- dbus-libs-1.2.24-7.AXS4.i686.rpm
MD5: 3830f946eb9432af5e6df9d367681628
SHA-256: 2ede25c402612e794046581076998bdaea9829f0b7f9fa4f5630583f9b9684e4
Size: 128.08 kB
- dbus-x11-1.2.24-7.AXS4.i686.rpm
MD5: 58111f357ad7fdae7a96487d87e6f197
SHA-256: a09d17c37d746230b839d87b8a8fcc31fadd0eebb2cdcce3f50a9d4651c35f9a
Size: 38.63 kB
Asianux Server 4 for x86_64
- dbus-1.2.24-7.AXS4.x86_64.rpm
MD5: 5522dc07883d445ce60f80a6f46896ef
SHA-256: 4dd5e9bc8952fdaedfea38b44a77a8f1da87ebfa11e7698bd9e95969fc5a56d2
Size: 206.18 kB
- dbus-devel-1.2.24-7.AXS4.x86_64.rpm
MD5: 1c74adad5341205f6df43ae5f0ca2ea2
SHA-256: 078d20d929c40c6e247a1cb55df6b5ee85f352268389f915b2888f801cdd02a4
Size: 45.49 kB
- dbus-libs-1.2.24-7.AXS4.x86_64.rpm
MD5: 3524562fc2feae54d83326c53015d9af
SHA-256: 21cf7db60e2a21855e0d068c40736569711afde62b9ac15a7c2766aa3e51c79f
Size: 125.75 kB
- dbus-x11-1.2.24-7.AXS4.x86_64.rpm
MD5: 9a9acc61916aa1fb6b82453750275df4
SHA-256: c24f8427dc092811f249bdebf84059fb477b33313a57d59910b4a62d2c61a0ae
Size: 38.85 kB
- dbus-devel-1.2.24-7.AXS4.i686.rpm
MD5: 91d33fe95fa3b999a997d48c81056456
SHA-256: 140be6eb1e4d85b25d12bd24283e5cd54c14f3a1effedd83ba80330de146f968
Size: 45.93 kB
- dbus-libs-1.2.24-7.AXS4.i686.rpm
MD5: 3830f946eb9432af5e6df9d367681628
SHA-256: 2ede25c402612e794046581076998bdaea9829f0b7f9fa4f5630583f9b9684e4
Size: 128.08 kB