glibc-2.12-1.132.AXS4.4

エラータID: AXSA:2014-509:05

リリース日: 
2014/09/03 Wednesday - 15:08
題名: 
glibc-2.12-1.132.AXS4.4
影響のあるチャネル: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

以下項目について対処しました。

[Security Fix]
- GNU C Library には複数のディレクトリトラバーサル脆弱性が存在し,(1) LC_* と (2) LANG,あるいは他のロケールの環境変数の ".." によって,攻撃者が ForceCommand 制限を回避し,他の詳細不明な影響を与える脆弱性があります。(CVE-2014-0475)

- glibc の gconv_trans.c の __gconv_translit_find 関数には一つずれエラー (Off-by-one error) が存在し,CHARSET 環境変数と gconv transliteration モジュールに関連する要因によって,サービス拒否 (クラッシュ) を引き起こす脆弱性があります。(CVE-2014-5119)

一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2014-0475
Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable.
CVE-2014-5119
Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. glibc-2.12-1.132.AXS4.4.src.rpm
    MD5: 51bdb18ff3d501026962a74b9a1391aa
    SHA-256: d8d3413b2f59052a88933cc969306c5e4a63f1b3fb452f8f471c916b8310ef03
    Size: 15.39 MB

Asianux Server 4 for x86
  1. glibc-2.12-1.132.AXS4.4.i686.rpm
    MD5: 3cc8920813d640572c0daf338a42a82e
    SHA-256: 1b27c396e2a383eae1d7fbc0de1b43fdeca7b3edc08fe374ac825cdb2ade02d1
    Size: 4.34 MB
  2. glibc-common-2.12-1.132.AXS4.4.i686.rpm
    MD5: cd4e4c94d17ec538e4d1fdd6cfa2c38b
    SHA-256: 38b6b96ff637ba8c5142008baaeec2c6deef02501168c1822b5621d565336ee8
    Size: 14.18 MB
  3. glibc-devel-2.12-1.132.AXS4.4.i686.rpm
    MD5: d943b8a5aa24faf4e4ebd0a6593e86da
    SHA-256: 1d53572ae44c2bf66a7cc1c9194d47eec225b68fa1d466e664264eb691167bd9
    Size: 0.96 MB
  4. glibc-headers-2.12-1.132.AXS4.4.i686.rpm
    MD5: d7d814db3f3d702cfa06026a66f46ca1
    SHA-256: 47b587663324eba7033952cae3df5bcbaf289292d908881e0227461d66822e82
    Size: 616.30 kB
  5. glibc-utils-2.12-1.132.AXS4.4.i686.rpm
    MD5: 7556aa05b4f58f3d8de69cba7c422467
    SHA-256: 2d583ccc822d2591c738a71ae70dac9bde0d67ce87468722596e8c0dfc91e717
    Size: 164.68 kB
  6. nscd-2.12-1.132.AXS4.4.i686.rpm
    MD5: 10c97679e3662a44a2451b72ac828704
    SHA-256: 7a4be0e618b25a5cdc5d1e4fd87be7eb854ae4074590ea0729beca30c1017069
    Size: 217.73 kB

Asianux Server 4 for x86_64
  1. glibc-2.12-1.132.AXS4.4.x86_64.rpm
    MD5: 200d141a299263cedacccd00a1105a10
    SHA-256: c4edfad7429bc98a332fc91b22277709a44c9c2acc04897d97687bccc805b9b3
    Size: 3.80 MB
  2. glibc-common-2.12-1.132.AXS4.4.x86_64.rpm
    MD5: 59f9ef087dc7fbc6f207f2cf545a2359
    SHA-256: 31ccaa4a08f02dfa778900fd634e9b346d67cc06e7f054cda30653ee0f2c9969
    Size: 14.19 MB
  3. glibc-devel-2.12-1.132.AXS4.4.x86_64.rpm
    MD5: ffc41c569268200ccf9c097c997e0dfe
    SHA-256: bcec6ca41e757b99231b8f58fe7315ca14fb957b7aa6326e3bdaed45992f5774
    Size: 0.96 MB
  4. glibc-headers-2.12-1.132.AXS4.4.x86_64.rpm
    MD5: 4c3a3e6eecc42d0fd099d18a83c4c2e3
    SHA-256: 71fd87f1c731fb7213574fea1677c4fadb9b25b0c3ff9e94a9a6745fe6937100
    Size: 607.84 kB
  5. glibc-utils-2.12-1.132.AXS4.4.x86_64.rpm
    MD5: 5a4dc37b9d8670cf31e1000cddac35b3
    SHA-256: 488b3eb43c4911f51b77641d63d007ee9ce8a41231a5bc86943d37e31a5ac7b3
    Size: 162.86 kB
  6. nscd-2.12-1.132.AXS4.4.x86_64.rpm
    MD5: f574159dbf0302aa4a3da3fe9274df21
    SHA-256: 8313390926372587f11a2ed88b34ed432f92e854a3a114a0fc02552710dcb3f7
    Size: 218.78 kB
  7. glibc-2.12-1.132.AXS4.4.i686.rpm
    MD5: 3cc8920813d640572c0daf338a42a82e
    SHA-256: 1b27c396e2a383eae1d7fbc0de1b43fdeca7b3edc08fe374ac825cdb2ade02d1
    Size: 4.34 MB
  8. glibc-devel-2.12-1.132.AXS4.4.i686.rpm
    MD5: d943b8a5aa24faf4e4ebd0a6593e86da
    SHA-256: 1d53572ae44c2bf66a7cc1c9194d47eec225b68fa1d466e664264eb691167bd9
    Size: 0.96 MB