libvirt-0.9.10-21.8.0.1.AXS4
エラータID: AXSA:2013-90:02
リリース日:
2013/02/22 Friday - 21:01
題名:
libvirt-0.9.10-21.8.0.1.AXS4
影響のあるチャネル:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- libvirt の rpc/virnetserverclient.c の virNetMessageFree 関数には,解放後使用の脆弱性が存在し,RPC 接続中に特定のエラーを引き起こすことによって,リモートの攻撃者がサービス拒否 (クラッシュ) を引き起こしたり,任意のコードを実行する可能性のある脆弱性があります。(CVE-2013-0170)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2013-0170
Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.
Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.
追加情報:
N/A
ダウンロード:
SRPMS
- libvirt-0.9.10-21.8.0.1.AXS4.src.rpm
MD5: e851626a276079457355eafabf73b547
SHA-256: 5710934cb3d817c54d93fee9ac75a5980e33e1c19af467c5b9048e64d2a73c65
Size: 18.88 MB
Asianux Server 4 for x86
- libvirt-0.9.10-21.8.0.1.AXS4.i686.rpm
MD5: 9fab762645cb8f4a89a2cdaa8b340370
SHA-256: 449857c8b195812b9ca27545248ea8a6691607331a917e79efe51bffdebd54bc
Size: 1.66 MB - libvirt-client-0.9.10-21.8.0.1.AXS4.i686.rpm
MD5: 55704b7bb503b4e42cdb7f9681fa438e
SHA-256: ad2de28056ca9bbef040f82567893f4943dc2420e79055069607783ad75d1550
Size: 3.21 MB - libvirt-devel-0.9.10-21.8.0.1.AXS4.i686.rpm
MD5: 3611ca9cf71bf39aa966330a35c39fd9
SHA-256: 59f82d38fea34c5f734d2edf3bd25c98c6bf511dacf0365f37a6863480a92823
Size: 276.59 kB - libvirt-python-0.9.10-21.8.0.1.AXS4.i686.rpm
MD5: 4986fd2b312a3f185155da47a822693f
SHA-256: 78583bea6b2213a9354631961c47eed86bc0fce310515926ae3213456f0cf47d
Size: 395.91 kB
Asianux Server 4 for x86_64
- libvirt-0.9.10-21.8.0.1.AXS4.x86_64.rpm
MD5: f7bbc3c541a2214310b9109350dc5d3e
SHA-256: 07f0881fa639f538b4c94149e490640fad0ca616f69ffc1df00c52b5c8a41caa
Size: 1.89 MB - libvirt-client-0.9.10-21.8.0.1.AXS4.x86_64.rpm
MD5: 81b9340c100992bb3d491de1e1caa472
SHA-256: 71cf23d130177ded12c7a6297aa00330cbbba71b9bab6f56fd7191a2f402d539
Size: 3.23 MB - libvirt-devel-0.9.10-21.8.0.1.AXS4.x86_64.rpm
MD5: bd2817b3dfa921679e11cc4cc86465b7
SHA-256: 91039d3c8f6b516fbcf6b17d1d8545a89773e719547c70ea0cb7efb8f1eae09c
Size: 276.18 kB - libvirt-python-0.9.10-21.8.0.1.AXS4.x86_64.rpm
MD5: effb87b97a4bbd0fe8c0d15765d11330
SHA-256: 996efb697e040fa38ee84b7470c75ede11a4d5e6f681f605d59a7cecccf57aad
Size: 396.12 kB - libvirt-client-0.9.10-21.8.0.1.AXS4.i686.rpm
MD5: 55704b7bb503b4e42cdb7f9681fa438e
SHA-256: ad2de28056ca9bbef040f82567893f4943dc2420e79055069607783ad75d1550
Size: 3.21 MB - libvirt-devel-0.9.10-21.8.0.1.AXS4.i686.rpm
MD5: 3611ca9cf71bf39aa966330a35c39fd9
SHA-256: 59f82d38fea34c5f734d2edf3bd25c98c6bf511dacf0365f37a6863480a92823
Size: 276.59 kB