ibutils-1.5.7-8.AXS4, libibverbs-1.1.7-1.AXS4, libmlx4-1.0.5-4.AXS4.1, librdmacm-1.0.17-1.AXS4, mpit
エラータID: AXSA:2014-192:01
リリース日:
2014/04/11 Friday - 14:54
題名:
ibutils-1.5.7-8.AXS4, libibverbs-1.1.7-1.AXS4, libmlx4-1.0.5-4.AXS4.1, librdmacm-1.0.17-1.AXS4, mpit
影響のあるチャネル:
Asianux Server 4 for x86
Asianux Server 4 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- ibacm.port が指定されていない場合,librdmacm はポート6125 に接続し,不正な ib_acm サービスによって,リモートの攻撃者がアプリケーションのアドレス解決情報を指定することができる脆弱性があります。(CVE-2012-4516)
- OpenFabrics ibutils には, /tmp の (1) ibdiagnet.db, (2) ibdiagnet.fdbs, (3) ibdiagnet_ibis.log, (4) ibdiagnet.log, (5) ibdiagnet.lst, (6) ibdiagnet.mcfdbs, (7) ibdiagnet.pkey, (8) ibdiagnet.psl, (9) ibdiagnet.slvl, あるいは (10) ibdiagnet.sm ファイル上のシンボリックリンク攻撃によって,ローカルのユーザが任意のファイルを上書きすることができる脆弱性があります。(CVE-2013-2561)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2012-4516
librdmacm 1.0.16, when ibacm.port is not specified, connects to port 6125, which allows remote attackers to specify the address resolution information for the application via a malicious ib_acm service.
librdmacm 1.0.16, when ibacm.port is not specified, connects to port 6125, which allows remote attackers to specify the address resolution information for the application via a malicious ib_acm service.
CVE-2013-2561
OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files via a symlink attack on (1) ibdiagnet.db, (2) ibdiagnet.fdbs, (3) ibdiagnet_ibis.log, (4) ibdiagnet.log, (5) ibdiagnet.lst, (6) ibdiagnet.mcfdbs, (7) ibdiagnet.pkey, (8) ibdiagnet.psl, (9) ibdiagnet.slvl, or (10) ibdiagnet.sm in /tmp/.
OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files via a symlink attack on (1) ibdiagnet.db, (2) ibdiagnet.fdbs, (3) ibdiagnet_ibis.log, (4) ibdiagnet.log, (5) ibdiagnet.lst, (6) ibdiagnet.mcfdbs, (7) ibdiagnet.pkey, (8) ibdiagnet.psl, (9) ibdiagnet.slvl, or (10) ibdiagnet.sm in /tmp/.
追加情報:
N/A
ダウンロード:
SRPMS
- ibutils-1.5.7-8.AXS4.src.rpm
MD5: 429a200250604b5746e3ac137f79491d
SHA-256: 40074359caa45440d90bfce746831ba1626aa868d85720a8c3305087bf50aeea
Size: 3.39 MB - infinipath-psm-3.0.1-115.1015_open.2.AXS4.src.rpm
MD5: 9ff4fbd30f09899b72b93c0e18684eec
SHA-256: 71b670bb46546f6c4444939ba18e090c7e03dfe3069a782bc032884f09c3a49d
Size: 358.90 kB - libibverbs-1.1.7-1.AXS4.src.rpm
MD5: 7810ec5a7b06b7e7b56d39defd4b24eb
SHA-256: ee28a554424fcef7ffe3dee14938fd99557e623c363402af66b224c3058e0cc4
Size: 393.42 kB - libmlx4-1.0.5-4.AXS4.1.src.rpm
MD5: bb823af65abdd6b0a34a44e7d61214bc
SHA-256: e183199dc93857a4b997cc0e3caed24d728eeab5b68943f326d6fad6e0fd82b0
Size: 330.27 kB - librdmacm-1.0.17-1.AXS4.src.rpm
MD5: 333c0dc14e04d30028de92a2cc7e2069
SHA-256: ca118d6ab47f83784a5e01b42379cb8f8df43846e6aeded9e9565278212a2480
Size: 395.43 kB - mpitests-3.2-9.AXS4.src.rpm
MD5: 157bf9865483f08d797b6514921901f9
SHA-256: f6bd1d4275f34ee494a3a875a4d91afffe5648116557dacb01795c20216eed49
Size: 261.63 kB - mstflint-3.0-0.6.g6961daa.1.AXS4.src.rpm
MD5: c73bd154bb92832c36e08ba23c75513b
SHA-256: 7c370065e2f4d330705caae11167c18b981ef21029a9c125ba643cc3b82ade43
Size: 772.71 kB - openmpi-1.5.4-2.AXS4.src.rpm
MD5: 9eb83ff60299e60324a91e0d0c4f0bae
SHA-256: ef898a0455e18112ddc322c1e735d7cf6d121b151de11f776fb6c02479ca88e2
Size: 7.20 MB - perftest-2.0-2.AXS4.src.rpm
MD5: e3accd09a68282452b0eecaa13af6f0f
SHA-256: 4a77b6aea7d254db8d6b248da516daadc8294766c9d94fdcefe44aa922b271f2
Size: 706.14 kB - qperf-0.4.9-1.AXS4.src.rpm
MD5: 56e5ac1a0006c6d54fdf05b5913a5734
SHA-256: dc4137c9c0bfa2d191900f2c0e693de52b57cfef688c3053d347fdb25359912b
Size: 207.83 kB - rdma-3.10-3.AXS4.src.rpm
MD5: 53d8af12c7678bf8845baef0dbaa482f
SHA-256: 46f46221633ef7f68e4e63f6e8bdf66723d51078821bb4ad82500e27391080c6
Size: 23.73 kB
Asianux Server 4 for x86
- ibutils-1.5.7-8.AXS4.i686.rpm
MD5: 23ceb9689f115b20bb60c1bf58e922a3
SHA-256: 127fd5edb1c33d74b08c7f53d9c0fcb44bd88dadfce2e69ac5e4aa4ea458bb3a
Size: 1.04 MB - ibutils-libs-1.5.7-8.AXS4.i686.rpm
MD5: afa3a990571047ef0862742ec85cd3b5
SHA-256: f00619da63cf3ac56fb3d942e6fb148775d5661992cc1cd130ef8b7031f102fd
Size: 894.65 kB - libibverbs-1.1.7-1.AXS4.i686.rpm
MD5: a8f0a5dad012605778179cf78e62d7de
SHA-256: c05b7347145929f71b82b38cbd102ba5307dba55d53638b2222ff506b5effa25
Size: 45.00 kB - libibverbs-devel-1.1.7-1.AXS4.i686.rpm
MD5: 45c636d63e451b63f4179329e3bdd268
SHA-256: 7aca5a43cf0e28b73f85898f74db43d765dea0143e20d7906c392a8fd8597485
Size: 60.63 kB - libibverbs-utils-1.1.7-1.AXS4.i686.rpm
MD5: c426dd1950630e27c07572e39773590c
SHA-256: f56b433f2bdd7babb582d11662d51ea213698d12c1e52a3c7b1213785663d62d
Size: 35.51 kB - libmlx4-1.0.5-4.AXS4.1.i686.rpm
MD5: a984cd7268583cae9eaee77ab4d32160
SHA-256: ccb0e12d4ef5da5d32dc137102e0496d5ea59fb9d28281ac47dd0ce19dfedb44
Size: 29.18 kB - librdmacm-1.0.17-1.AXS4.i686.rpm
MD5: 9a6f3dff939d812eacb22fbd61f5661a
SHA-256: 7f6aea0bc449a96842a8bca11384316607811558e13a6825fc7a7df4af70c4a5
Size: 56.04 kB - librdmacm-utils-1.0.17-1.AXS4.i686.rpm
MD5: 267bc211f1635ee5e1200893acbb5616
SHA-256: 5f3426c1bf7895112c1201a5b761eb8b1ed4f6a41e2945f24cee87cfef56ec49
Size: 54.59 kB - mpitests-mvapich2-3.2-9.AXS4.i686.rpm
MD5: b31663b90951e7e3df65441621f9f1bd
SHA-256: f8f65570faa3cc1c5f1d579b340038212fce3ec4cbdce1e074b9aa617f90ae41
Size: 66.94 kB - mpitests-mvapich-3.2-9.AXS4.i686.rpm
MD5: c6287b3466025e6904fe515d61bffb5c
SHA-256: ce0dee9ad32a0561331f6c109c44a65e97af00b287cab0608e16b6aae26ae602
Size: 17.27 kB - mpitests-openmpi-3.2-9.AXS4.i686.rpm
MD5: 13dd58fd513aeff4acb27483cb99c845
SHA-256: 0f26fdce328a5c17aa2e17e556c5496d4e238272569a6c10a06db4ab27cd624d
Size: 64.54 kB - mstflint-3.0-0.6.g6961daa.1.AXS4.i686.rpm
MD5: c6df7a209f8a3e22c27d35d81855d4b3
SHA-256: 2d8c291ad18d4623debf3c6607b93ba25a00b21d976d3d81944240268fcc7ff8
Size: 111.25 kB - openmpi-1.5.4-2.AXS4.i686.rpm
MD5: e009c81c1386636593db32f529a9eda4
SHA-256: d9f73459d503ce635dd33e7e196898878e861dcf2c50f873890c9315604ff90b
Size: 2.15 MB - openmpi-devel-1.5.4-2.AXS4.i686.rpm
MD5: 87abbd89bbb6de2530fc74f0d088f320
SHA-256: 762b15cb94903650cef37a0fd5bd7c87f5e1f3cd843049bb820f811f77691a47
Size: 2.33 MB - perftest-2.0-2.AXS4.i686.rpm
MD5: 65dcc768d1c00d88ea8dcfad2578e7b7
SHA-256: 0b959a4d3f7905524ace2b34e9e4802f650916764aa19031c8d2b91112ffdfb9
Size: 79.43 kB - qperf-0.4.9-1.AXS4.i686.rpm
MD5: 5df257c98bf9f6d89b298b4a78d98ee3
SHA-256: 3fff564d5a2bd3c0c9b68f75ed6622a4a5293ac624ec193e929abff95e412476
Size: 53.71 kB - rdma-3.10-3.AXS4.noarch.rpm
MD5: a1d64ca5764fa854caef5768424cdd3e
SHA-256: 44f4a55e42ee062f244d28bab24816f373a467165fc82a979415d3a7f0920391
Size: 21.96 kB
Asianux Server 4 for x86_64
- ibutils-1.5.7-8.AXS4.x86_64.rpm
MD5: 440adfdef15bc12f18f10bf4022c83d0
SHA-256: 9d2a62b0bc788ce8c109b343233658de806b07bfc707e148fd26c9c54a0d6e30
Size: 1.05 MB - ibutils-libs-1.5.7-8.AXS4.x86_64.rpm
MD5: a8e6e247b1a622577a7546327365ce48
SHA-256: e0a85a7ce0597fca17933350dd4d660f335835bac5a32ea79ad465e97bfcdf02
Size: 902.18 kB - ibutils-libs-1.5.7-8.AXS4.i686.rpm
MD5: afa3a990571047ef0862742ec85cd3b5
SHA-256: f00619da63cf3ac56fb3d942e6fb148775d5661992cc1cd130ef8b7031f102fd
Size: 894.65 kB - infinipath-psm-3.0.1-115.1015_open.2.AXS4.x86_64.rpm
MD5: a711a7d973c76f377f311ce8b0714a07
SHA-256: 163727eb9303e56f94de7969a76c995c539df9e576dc52190da47c823db8f571
Size: 157.80 kB - libibverbs-1.1.7-1.AXS4.x86_64.rpm
MD5: 9c910fb6c141c474f692860cd8c488eb
SHA-256: 1f29de951465140705b42374250255a34b9cbeee129ea084b444131b7690825f
Size: 44.32 kB - libibverbs-devel-1.1.7-1.AXS4.x86_64.rpm
MD5: aa07e0bd083791a95defbd0fa9bf998b
SHA-256: 90ae5499785388bfa4bb8c32336ea7e1df3f2090e76f107f741982665d262a4c
Size: 60.20 kB - libibverbs-utils-1.1.7-1.AXS4.x86_64.rpm
MD5: 407c95f656b11c7765659d64743db76a
SHA-256: a6cf4d37b6bee6c3d469f78f10156c1a7a6af503c82887124e3ebb434f4871af
Size: 34.59 kB - libibverbs-1.1.7-1.AXS4.i686.rpm
MD5: a8f0a5dad012605778179cf78e62d7de
SHA-256: c05b7347145929f71b82b38cbd102ba5307dba55d53638b2222ff506b5effa25
Size: 45.00 kB - libibverbs-devel-1.1.7-1.AXS4.i686.rpm
MD5: 45c636d63e451b63f4179329e3bdd268
SHA-256: 7aca5a43cf0e28b73f85898f74db43d765dea0143e20d7906c392a8fd8597485
Size: 60.63 kB - libmlx4-1.0.5-4.AXS4.1.x86_64.rpm
MD5: 04343f4a590cb5d5fbd0fa787670b4fa
SHA-256: 8d9ed86fbfa1858cef629ae2cb55a92cfae275031076f4c1671169633f642fdf
Size: 28.57 kB - libmlx4-1.0.5-4.AXS4.1.i686.rpm
MD5: a984cd7268583cae9eaee77ab4d32160
SHA-256: ccb0e12d4ef5da5d32dc137102e0496d5ea59fb9d28281ac47dd0ce19dfedb44
Size: 29.18 kB - librdmacm-1.0.17-1.AXS4.x86_64.rpm
MD5: cd63ab9f9901f4772d720946ae1a4f55
SHA-256: 4369c9ef82858340213e67b97ffdaa053d4d13004e1ce172579cf217b30345f6
Size: 54.77 kB - librdmacm-devel-1.0.17-1.AXS4.x86_64.rpm
MD5: 84cdfc911f8171ac96ffa3906bba2539
SHA-256: 47b179da28dbcc8d3b5d3c7d9dea895cb342b3be3b70e5c3e560434cab76b7d8
Size: 66.96 kB - librdmacm-utils-1.0.17-1.AXS4.x86_64.rpm
MD5: 3f2d71c3999ccfa9756d57e4f82b07a3
SHA-256: ea420867bc0993bb3111f51d00ee28d7ca2711a81d135715adcf1e89b6b131a8
Size: 54.55 kB - librdmacm-1.0.17-1.AXS4.i686.rpm
MD5: 9a6f3dff939d812eacb22fbd61f5661a
SHA-256: 7f6aea0bc449a96842a8bca11384316607811558e13a6825fc7a7df4af70c4a5
Size: 56.04 kB - librdmacm-devel-1.0.17-1.AXS4.i686.rpm
MD5: dfcebcf05c192db5ba5592bb93148482
SHA-256: 4e431695307f17c8ed2e0eb8414848ce97476aff92207b28875d0550588bc336
Size: 67.39 kB - mpitests-mvapich2-3.2-9.AXS4.x86_64.rpm
MD5: b28204d306fbca7bd88098c88ffff332
SHA-256: 0b50333ed618371b7ba3d56fe9af19123b0d76343cd875b590544ae73c0f53e8
Size: 71.04 kB - mpitests-mvapich-3.2-9.AXS4.x86_64.rpm
MD5: c6a279a0bd254442ff98c8d91516b388
SHA-256: 7bea6bf82f3ed620937260715d33b5b4bc485349fafb12029a281f272a7cdd3f
Size: 17.30 kB - mpitests-openmpi-3.2-9.AXS4.x86_64.rpm
MD5: c2c3367368a774730d8b33217a4614bd
SHA-256: 3b068f45ca61ea3e25e35014518317ac33e42c17956f7c6cc2cae7ff65436764
Size: 72.66 kB - mstflint-3.0-0.6.g6961daa.1.AXS4.x86_64.rpm
MD5: 646cf6760dd7bbf3288320657bb46b35
SHA-256: fa8015c46d87afcbae207897a2b3d57ff77cde0e66b3a9b3a25c54db196bbef4
Size: 109.29 kB - openmpi-1.5.4-2.AXS4.x86_64.rpm
MD5: 91aefbbe0b6a5ea5ba9f5b19cc3aebea
SHA-256: 68263853699f8e5982883f3228d99a3d4f36c42eb2b50401d67c08c1f1a239b6
Size: 2.21 MB - openmpi-devel-1.5.4-2.AXS4.x86_64.rpm
MD5: 7ed573b3ab20ce39db76da0d01a8c13f
SHA-256: d764c7c0a0b40b3c19a489e89ac97d9012eb23452bff1252be226437fc18066f
Size: 2.36 MB - openmpi-1.5.4-2.AXS4.i686.rpm
MD5: e009c81c1386636593db32f529a9eda4
SHA-256: d9f73459d503ce635dd33e7e196898878e861dcf2c50f873890c9315604ff90b
Size: 2.15 MB - openmpi-devel-1.5.4-2.AXS4.i686.rpm
MD5: 87abbd89bbb6de2530fc74f0d088f320
SHA-256: 762b15cb94903650cef37a0fd5bd7c87f5e1f3cd843049bb820f811f77691a47
Size: 2.33 MB - perftest-2.0-2.AXS4.x86_64.rpm
MD5: 3e50fbc2c67e87065dcc0712f91cd354
SHA-256: f0fcfb678b40c2e9fc52d1dfb218f47ce5b3af7ff484692c515915da99273f06
Size: 80.91 kB - qperf-0.4.9-1.AXS4.x86_64.rpm
MD5: d6b8d0c3243a782c68a6667953d38066
SHA-256: 6e7a1258739c592a7ae7b61ee94e1812fe23e9d6e37263decc710e8ea2e23c15
Size: 53.90 kB - rdma-3.10-3.AXS4.noarch.rpm
MD5: d0c2b78ca14a9e1dfca46ae5a849368f
SHA-256: e4d1929daa7a388ded33c3226acdae50b8dc5256e5709972754be79f00f2f2cf
Size: 21.51 kB