bzip2-1.0.3-4AXS3
エラータID: AXSA:2008-274:01
リリース日:
2008/10/08 Wednesday - 21:06
題名:
bzip2-1.0.3-4AXS3
影響のあるチャネル:
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Asianux Server 3 for ppc
Asianux Server 3 for ia64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- bzip2 の bzlib.c には、ファイルの展開処理に不備が存在するため、bzip がクラッシュする脆弱性が存在します。(CVE-2008-1372)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2008-1372
bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
追加情報:
N/A
ダウンロード:
Asianux Server 3 for x86
- bzip2-1.0.3-4AXS3.i386.rpm
MD5: 9ef0d1f9045074595a06cb6bde5172a8
SHA-256: 0d962f9f74a6bef139665970aad63a8f0e65be7c2d91d50324d54e21cc30c75b
Size: 48.69 kB - bzip2-devel-1.0.3-4AXS3.i386.rpm
MD5: 25395dcf6a3d8c46b0df33019c7c40cf
SHA-256: d0d65843aeba025c2f83dd230c1b2eb490df35e1823410a61cbe9fea72066a07
Size: 38.74 kB - bzip2-libs-1.0.3-4AXS3.i386.rpm
MD5: 43c5d36f03fe158a6fb251b235740129
SHA-256: 96a4ec5814e715f002299fa48cb50c4626616903d012d3de09573386ca731215
Size: 36.90 kB
Asianux Server 3 for x86_64
- bzip2-1.0.3-4AXS3.x86_64.rpm
MD5: 54fafa00d1cf77d1f08221da4f246b8c
SHA-256: cee38ba38a1ac76736fdb961d1d8215645900b726171ed859842e62ef3203133
Size: 49.60 kB - bzip2-devel-1.0.3-4AXS3.x86_64.rpm
MD5: 2b2cb6bdfb3d854b41c13dbbe03eb792
SHA-256: 69ec153cf2c43d7c201010cf8f52c3b995bfb6400999c264a34b296fc8eea839
Size: 38.25 kB - bzip2-libs-1.0.3-4AXS3.x86_64.rpm
MD5: b117dc2a61b7ff892c5c676f6749e35c
SHA-256: e0ebf449fc2bc8d40ba1a878e85ed449b39db8ef145f32972a630c52631cbf87
Size: 35.32 kB