ibutils-1.5.7-8.AXS4, libibverbs-1.1.7-1.AXS4, libmlx4-1.0.5-4.AXS4.1, librdmacm-1.0.17-1.AXS4, mpit

エラータID: AXSA:2014-192:01

リリース日: 
2014/04/11 Friday - 14:54
題名: 
ibutils-1.5.7-8.AXS4, libibverbs-1.1.7-1.AXS4, libmlx4-1.0.5-4.AXS4.1, librdmacm-1.0.17-1.AXS4, mpit
影響のあるチャネル: 
Asianux Server 4 for x86
Asianux Server 4 for x86_64
Severity: 
High
Description: 

以下項目について対処しました。

[Security Fix]
- ibacm.port が指定されていない場合,librdmacm はポート6125 に接続し,不正な ib_acm サービスによって,リモートの攻撃者がアプリケーションのアドレス解決情報を指定することができる脆弱性があります。(CVE-2012-4516)

- OpenFabrics ibutils には, /tmp の (1) ibdiagnet.db, (2) ibdiagnet.fdbs, (3) ibdiagnet_ibis.log, (4) ibdiagnet.log, (5) ibdiagnet.lst, (6) ibdiagnet.mcfdbs, (7) ibdiagnet.pkey, (8) ibdiagnet.psl, (9) ibdiagnet.slvl, あるいは (10) ibdiagnet.sm ファイル上のシンボリックリンク攻撃によって,ローカルのユーザが任意のファイルを上書きすることができる脆弱性があります。(CVE-2013-2561)

一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2012-4516
librdmacm 1.0.16, when ibacm.port is not specified, connects to port 6125, which allows remote attackers to specify the address resolution information for the application via a malicious ib_acm service.
CVE-2013-2561
OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files via a symlink attack on (1) ibdiagnet.db, (2) ibdiagnet.fdbs, (3) ibdiagnet_ibis.log, (4) ibdiagnet.log, (5) ibdiagnet.lst, (6) ibdiagnet.mcfdbs, (7) ibdiagnet.pkey, (8) ibdiagnet.psl, (9) ibdiagnet.slvl, or (10) ibdiagnet.sm in /tmp/.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. ibutils-1.5.7-8.AXS4.src.rpm
    MD5: 429a200250604b5746e3ac137f79491d
    SHA-256: 40074359caa45440d90bfce746831ba1626aa868d85720a8c3305087bf50aeea
    Size: 3.39 MB
  2. infinipath-psm-3.0.1-115.1015_open.2.AXS4.src.rpm
    MD5: 9ff4fbd30f09899b72b93c0e18684eec
    SHA-256: 71b670bb46546f6c4444939ba18e090c7e03dfe3069a782bc032884f09c3a49d
    Size: 358.90 kB
  3. libibverbs-1.1.7-1.AXS4.src.rpm
    MD5: 7810ec5a7b06b7e7b56d39defd4b24eb
    SHA-256: ee28a554424fcef7ffe3dee14938fd99557e623c363402af66b224c3058e0cc4
    Size: 393.42 kB
  4. libmlx4-1.0.5-4.AXS4.1.src.rpm
    MD5: bb823af65abdd6b0a34a44e7d61214bc
    SHA-256: e183199dc93857a4b997cc0e3caed24d728eeab5b68943f326d6fad6e0fd82b0
    Size: 330.27 kB
  5. librdmacm-1.0.17-1.AXS4.src.rpm
    MD5: 333c0dc14e04d30028de92a2cc7e2069
    SHA-256: ca118d6ab47f83784a5e01b42379cb8f8df43846e6aeded9e9565278212a2480
    Size: 395.43 kB
  6. mpitests-3.2-9.AXS4.src.rpm
    MD5: 157bf9865483f08d797b6514921901f9
    SHA-256: f6bd1d4275f34ee494a3a875a4d91afffe5648116557dacb01795c20216eed49
    Size: 261.63 kB
  7. mstflint-3.0-0.6.g6961daa.1.AXS4.src.rpm
    MD5: c73bd154bb92832c36e08ba23c75513b
    SHA-256: 7c370065e2f4d330705caae11167c18b981ef21029a9c125ba643cc3b82ade43
    Size: 772.71 kB
  8. openmpi-1.5.4-2.AXS4.src.rpm
    MD5: 9eb83ff60299e60324a91e0d0c4f0bae
    SHA-256: ef898a0455e18112ddc322c1e735d7cf6d121b151de11f776fb6c02479ca88e2
    Size: 7.20 MB
  9. perftest-2.0-2.AXS4.src.rpm
    MD5: e3accd09a68282452b0eecaa13af6f0f
    SHA-256: 4a77b6aea7d254db8d6b248da516daadc8294766c9d94fdcefe44aa922b271f2
    Size: 706.14 kB
  10. qperf-0.4.9-1.AXS4.src.rpm
    MD5: 56e5ac1a0006c6d54fdf05b5913a5734
    SHA-256: dc4137c9c0bfa2d191900f2c0e693de52b57cfef688c3053d347fdb25359912b
    Size: 207.83 kB
  11. rdma-3.10-3.AXS4.src.rpm
    MD5: 53d8af12c7678bf8845baef0dbaa482f
    SHA-256: 46f46221633ef7f68e4e63f6e8bdf66723d51078821bb4ad82500e27391080c6
    Size: 23.73 kB

Asianux Server 4 for x86
  1. ibutils-1.5.7-8.AXS4.i686.rpm
    MD5: 23ceb9689f115b20bb60c1bf58e922a3
    SHA-256: 127fd5edb1c33d74b08c7f53d9c0fcb44bd88dadfce2e69ac5e4aa4ea458bb3a
    Size: 1.04 MB
  2. ibutils-libs-1.5.7-8.AXS4.i686.rpm
    MD5: afa3a990571047ef0862742ec85cd3b5
    SHA-256: f00619da63cf3ac56fb3d942e6fb148775d5661992cc1cd130ef8b7031f102fd
    Size: 894.65 kB
  3. libibverbs-1.1.7-1.AXS4.i686.rpm
    MD5: a8f0a5dad012605778179cf78e62d7de
    SHA-256: c05b7347145929f71b82b38cbd102ba5307dba55d53638b2222ff506b5effa25
    Size: 45.00 kB
  4. libibverbs-devel-1.1.7-1.AXS4.i686.rpm
    MD5: 45c636d63e451b63f4179329e3bdd268
    SHA-256: 7aca5a43cf0e28b73f85898f74db43d765dea0143e20d7906c392a8fd8597485
    Size: 60.63 kB
  5. libibverbs-utils-1.1.7-1.AXS4.i686.rpm
    MD5: c426dd1950630e27c07572e39773590c
    SHA-256: f56b433f2bdd7babb582d11662d51ea213698d12c1e52a3c7b1213785663d62d
    Size: 35.51 kB
  6. libmlx4-1.0.5-4.AXS4.1.i686.rpm
    MD5: a984cd7268583cae9eaee77ab4d32160
    SHA-256: ccb0e12d4ef5da5d32dc137102e0496d5ea59fb9d28281ac47dd0ce19dfedb44
    Size: 29.18 kB
  7. librdmacm-1.0.17-1.AXS4.i686.rpm
    MD5: 9a6f3dff939d812eacb22fbd61f5661a
    SHA-256: 7f6aea0bc449a96842a8bca11384316607811558e13a6825fc7a7df4af70c4a5
    Size: 56.04 kB
  8. librdmacm-utils-1.0.17-1.AXS4.i686.rpm
    MD5: 267bc211f1635ee5e1200893acbb5616
    SHA-256: 5f3426c1bf7895112c1201a5b761eb8b1ed4f6a41e2945f24cee87cfef56ec49
    Size: 54.59 kB
  9. mpitests-mvapich2-3.2-9.AXS4.i686.rpm
    MD5: b31663b90951e7e3df65441621f9f1bd
    SHA-256: f8f65570faa3cc1c5f1d579b340038212fce3ec4cbdce1e074b9aa617f90ae41
    Size: 66.94 kB
  10. mpitests-mvapich-3.2-9.AXS4.i686.rpm
    MD5: c6287b3466025e6904fe515d61bffb5c
    SHA-256: ce0dee9ad32a0561331f6c109c44a65e97af00b287cab0608e16b6aae26ae602
    Size: 17.27 kB
  11. mpitests-openmpi-3.2-9.AXS4.i686.rpm
    MD5: 13dd58fd513aeff4acb27483cb99c845
    SHA-256: 0f26fdce328a5c17aa2e17e556c5496d4e238272569a6c10a06db4ab27cd624d
    Size: 64.54 kB
  12. mstflint-3.0-0.6.g6961daa.1.AXS4.i686.rpm
    MD5: c6df7a209f8a3e22c27d35d81855d4b3
    SHA-256: 2d8c291ad18d4623debf3c6607b93ba25a00b21d976d3d81944240268fcc7ff8
    Size: 111.25 kB
  13. openmpi-1.5.4-2.AXS4.i686.rpm
    MD5: e009c81c1386636593db32f529a9eda4
    SHA-256: d9f73459d503ce635dd33e7e196898878e861dcf2c50f873890c9315604ff90b
    Size: 2.15 MB
  14. openmpi-devel-1.5.4-2.AXS4.i686.rpm
    MD5: 87abbd89bbb6de2530fc74f0d088f320
    SHA-256: 762b15cb94903650cef37a0fd5bd7c87f5e1f3cd843049bb820f811f77691a47
    Size: 2.33 MB
  15. perftest-2.0-2.AXS4.i686.rpm
    MD5: 65dcc768d1c00d88ea8dcfad2578e7b7
    SHA-256: 0b959a4d3f7905524ace2b34e9e4802f650916764aa19031c8d2b91112ffdfb9
    Size: 79.43 kB
  16. qperf-0.4.9-1.AXS4.i686.rpm
    MD5: 5df257c98bf9f6d89b298b4a78d98ee3
    SHA-256: 3fff564d5a2bd3c0c9b68f75ed6622a4a5293ac624ec193e929abff95e412476
    Size: 53.71 kB
  17. rdma-3.10-3.AXS4.noarch.rpm
    MD5: a1d64ca5764fa854caef5768424cdd3e
    SHA-256: 44f4a55e42ee062f244d28bab24816f373a467165fc82a979415d3a7f0920391
    Size: 21.96 kB

Asianux Server 4 for x86_64
  1. ibutils-1.5.7-8.AXS4.x86_64.rpm
    MD5: 440adfdef15bc12f18f10bf4022c83d0
    SHA-256: 9d2a62b0bc788ce8c109b343233658de806b07bfc707e148fd26c9c54a0d6e30
    Size: 1.05 MB
  2. ibutils-libs-1.5.7-8.AXS4.x86_64.rpm
    MD5: a8e6e247b1a622577a7546327365ce48
    SHA-256: e0a85a7ce0597fca17933350dd4d660f335835bac5a32ea79ad465e97bfcdf02
    Size: 902.18 kB
  3. ibutils-libs-1.5.7-8.AXS4.i686.rpm
    MD5: afa3a990571047ef0862742ec85cd3b5
    SHA-256: f00619da63cf3ac56fb3d942e6fb148775d5661992cc1cd130ef8b7031f102fd
    Size: 894.65 kB
  4. infinipath-psm-3.0.1-115.1015_open.2.AXS4.x86_64.rpm
    MD5: a711a7d973c76f377f311ce8b0714a07
    SHA-256: 163727eb9303e56f94de7969a76c995c539df9e576dc52190da47c823db8f571
    Size: 157.80 kB
  5. libibverbs-1.1.7-1.AXS4.x86_64.rpm
    MD5: 9c910fb6c141c474f692860cd8c488eb
    SHA-256: 1f29de951465140705b42374250255a34b9cbeee129ea084b444131b7690825f
    Size: 44.32 kB
  6. libibverbs-devel-1.1.7-1.AXS4.x86_64.rpm
    MD5: aa07e0bd083791a95defbd0fa9bf998b
    SHA-256: 90ae5499785388bfa4bb8c32336ea7e1df3f2090e76f107f741982665d262a4c
    Size: 60.20 kB
  7. libibverbs-utils-1.1.7-1.AXS4.x86_64.rpm
    MD5: 407c95f656b11c7765659d64743db76a
    SHA-256: a6cf4d37b6bee6c3d469f78f10156c1a7a6af503c82887124e3ebb434f4871af
    Size: 34.59 kB
  8. libibverbs-1.1.7-1.AXS4.i686.rpm
    MD5: a8f0a5dad012605778179cf78e62d7de
    SHA-256: c05b7347145929f71b82b38cbd102ba5307dba55d53638b2222ff506b5effa25
    Size: 45.00 kB
  9. libibverbs-devel-1.1.7-1.AXS4.i686.rpm
    MD5: 45c636d63e451b63f4179329e3bdd268
    SHA-256: 7aca5a43cf0e28b73f85898f74db43d765dea0143e20d7906c392a8fd8597485
    Size: 60.63 kB
  10. libmlx4-1.0.5-4.AXS4.1.x86_64.rpm
    MD5: 04343f4a590cb5d5fbd0fa787670b4fa
    SHA-256: 8d9ed86fbfa1858cef629ae2cb55a92cfae275031076f4c1671169633f642fdf
    Size: 28.57 kB
  11. libmlx4-1.0.5-4.AXS4.1.i686.rpm
    MD5: a984cd7268583cae9eaee77ab4d32160
    SHA-256: ccb0e12d4ef5da5d32dc137102e0496d5ea59fb9d28281ac47dd0ce19dfedb44
    Size: 29.18 kB
  12. librdmacm-1.0.17-1.AXS4.x86_64.rpm
    MD5: cd63ab9f9901f4772d720946ae1a4f55
    SHA-256: 4369c9ef82858340213e67b97ffdaa053d4d13004e1ce172579cf217b30345f6
    Size: 54.77 kB
  13. librdmacm-devel-1.0.17-1.AXS4.x86_64.rpm
    MD5: 84cdfc911f8171ac96ffa3906bba2539
    SHA-256: 47b179da28dbcc8d3b5d3c7d9dea895cb342b3be3b70e5c3e560434cab76b7d8
    Size: 66.96 kB
  14. librdmacm-utils-1.0.17-1.AXS4.x86_64.rpm
    MD5: 3f2d71c3999ccfa9756d57e4f82b07a3
    SHA-256: ea420867bc0993bb3111f51d00ee28d7ca2711a81d135715adcf1e89b6b131a8
    Size: 54.55 kB
  15. librdmacm-1.0.17-1.AXS4.i686.rpm
    MD5: 9a6f3dff939d812eacb22fbd61f5661a
    SHA-256: 7f6aea0bc449a96842a8bca11384316607811558e13a6825fc7a7df4af70c4a5
    Size: 56.04 kB
  16. librdmacm-devel-1.0.17-1.AXS4.i686.rpm
    MD5: dfcebcf05c192db5ba5592bb93148482
    SHA-256: 4e431695307f17c8ed2e0eb8414848ce97476aff92207b28875d0550588bc336
    Size: 67.39 kB
  17. mpitests-mvapich2-3.2-9.AXS4.x86_64.rpm
    MD5: b28204d306fbca7bd88098c88ffff332
    SHA-256: 0b50333ed618371b7ba3d56fe9af19123b0d76343cd875b590544ae73c0f53e8
    Size: 71.04 kB
  18. mpitests-mvapich-3.2-9.AXS4.x86_64.rpm
    MD5: c6a279a0bd254442ff98c8d91516b388
    SHA-256: 7bea6bf82f3ed620937260715d33b5b4bc485349fafb12029a281f272a7cdd3f
    Size: 17.30 kB
  19. mpitests-openmpi-3.2-9.AXS4.x86_64.rpm
    MD5: c2c3367368a774730d8b33217a4614bd
    SHA-256: 3b068f45ca61ea3e25e35014518317ac33e42c17956f7c6cc2cae7ff65436764
    Size: 72.66 kB
  20. mstflint-3.0-0.6.g6961daa.1.AXS4.x86_64.rpm
    MD5: 646cf6760dd7bbf3288320657bb46b35
    SHA-256: fa8015c46d87afcbae207897a2b3d57ff77cde0e66b3a9b3a25c54db196bbef4
    Size: 109.29 kB
  21. openmpi-1.5.4-2.AXS4.x86_64.rpm
    MD5: 91aefbbe0b6a5ea5ba9f5b19cc3aebea
    SHA-256: 68263853699f8e5982883f3228d99a3d4f36c42eb2b50401d67c08c1f1a239b6
    Size: 2.21 MB
  22. openmpi-devel-1.5.4-2.AXS4.x86_64.rpm
    MD5: 7ed573b3ab20ce39db76da0d01a8c13f
    SHA-256: d764c7c0a0b40b3c19a489e89ac97d9012eb23452bff1252be226437fc18066f
    Size: 2.36 MB
  23. openmpi-1.5.4-2.AXS4.i686.rpm
    MD5: e009c81c1386636593db32f529a9eda4
    SHA-256: d9f73459d503ce635dd33e7e196898878e861dcf2c50f873890c9315604ff90b
    Size: 2.15 MB
  24. openmpi-devel-1.5.4-2.AXS4.i686.rpm
    MD5: 87abbd89bbb6de2530fc74f0d088f320
    SHA-256: 762b15cb94903650cef37a0fd5bd7c87f5e1f3cd843049bb820f811f77691a47
    Size: 2.33 MB
  25. perftest-2.0-2.AXS4.x86_64.rpm
    MD5: 3e50fbc2c67e87065dcc0712f91cd354
    SHA-256: f0fcfb678b40c2e9fc52d1dfb218f47ce5b3af7ff484692c515915da99273f06
    Size: 80.91 kB
  26. qperf-0.4.9-1.AXS4.x86_64.rpm
    MD5: d6b8d0c3243a782c68a6667953d38066
    SHA-256: 6e7a1258739c592a7ae7b61ee94e1812fe23e9d6e37263decc710e8ea2e23c15
    Size: 53.90 kB
  27. rdma-3.10-3.AXS4.noarch.rpm
    MD5: d0c2b78ca14a9e1dfca46ae5a849368f
    SHA-256: e4d1929daa7a388ded33c3226acdae50b8dc5256e5709972754be79f00f2f2cf
    Size: 21.51 kB