glibc-2.12-1.149.AXS4.7

エラータID: AXSA:2015-126:03

リリース日: 
2015/05/08 Friday - 17:13
題名: 
glibc-2.12-1.149.AXS4.7
影響のあるチャネル: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
Moderate
Description: 

以下項目について対処しました。

[Security Fix]
- glibc の resolv/res_send.c の send_dg 関数は,ファイルディスクリプタを適切に再利用しておらず,getaddrinfo 関数を呼び出す大量のリクエストによって,リモートの攻撃者が DNS クエリを意図しない場所へ送る脆弱性があります。(CVE-2013-7423)

現時点では CVE-2015-1781 の情報が公開されておりません。
CVE の情報が公開され次第情報をアップデートいたします。

一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2013-7423
The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.
CVE-2015-1781
Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. glibc-2.12-1.149.AXS4.7.src.rpm
    MD5: a10a97c6d35083e73b7aa0eba79e5e43
    SHA-256: d7648aee9fa37ac017fbe9226b125cd195a1b06e0baccff6669c3d9a42ead012
    Size: 15.44 MB

Asianux Server 4 for x86
  1. glibc-2.12-1.149.AXS4.7.i686.rpm
    MD5: 349953a98186a31a86c270aea58d6813
    SHA-256: 5cb5d1f79308587aea762876bbd80ab5fc28994c3a08a908904309d929cb73ae
    Size: 4.34 MB
  2. glibc-common-2.12-1.149.AXS4.7.i686.rpm
    MD5: 8bfce1271dab9fca9cd0773e13cbea96
    SHA-256: ef05468f68190c08f0daef55d44b474502fe41107520d05e09f47989810eab3f
    Size: 14.18 MB
  3. glibc-devel-2.12-1.149.AXS4.7.i686.rpm
    MD5: ac9d7ed18dccc7ad40977235244d4d4a
    SHA-256: 557f55bdb18a06c63df50c2e8ff23611243fec9a1d792a03bfc3ffe5cf2a0904
    Size: 0.96 MB
  4. glibc-headers-2.12-1.149.AXS4.7.i686.rpm
    MD5: cd02617aaef456c250d85b472d0364e2
    SHA-256: a432df6cbf1daca009db9cd8a48200a0360a64e5fe7b6a1bc6edd31ad047d713
    Size: 619.47 kB
  5. glibc-utils-2.12-1.149.AXS4.7.i686.rpm
    MD5: 7023ac8ae1173866563470e7f9c07d85
    SHA-256: 5ed287a218b2e236aad0ae4b937d99ddb4709950792be67a7bc6278740398193
    Size: 167.76 kB
  6. nscd-2.12-1.149.AXS4.7.i686.rpm
    MD5: 0a17b914bd9dbd85d4e05378374cfe60
    SHA-256: e62ae699f3bc85632fc3439a91a13ed7a5a7f31d2944f9b556c585a6fa48570a
    Size: 222.53 kB

Asianux Server 4 for x86_64
  1. glibc-2.12-1.149.AXS4.7.x86_64.rpm
    MD5: 94e2f6d496934a07dfde9d3392e02b57
    SHA-256: 4c63ef9d16eb11082db9ce0680b403c2c5b7f3030988597efaafbec1e4ffb6dc
    Size: 3.81 MB
  2. glibc-common-2.12-1.149.AXS4.7.x86_64.rpm
    MD5: ec8b3ab48a9e36b46fcd035cfd455da2
    SHA-256: 7563b3f340d754162a83b49621b3f89020c50625760e838d5db6a9c41edf59cb
    Size: 14.19 MB
  3. glibc-devel-2.12-1.149.AXS4.7.x86_64.rpm
    MD5: 45afb9f3597af76a8fae9782a7d56623
    SHA-256: ada4fcbb985e242e97725199997b3b7b03d86eccb83da321ded840e86968324c
    Size: 0.96 MB
  4. glibc-headers-2.12-1.149.AXS4.7.x86_64.rpm
    MD5: c4e66875cc86c3ec1df205416dffe1bf
    SHA-256: 7c8d0bc961d642208854651b954d35cca74f22977facda8ab983b2285da2703b
    Size: 611.00 kB
  5. glibc-utils-2.12-1.149.AXS4.7.x86_64.rpm
    MD5: 7bfdef7971a036af6eeb55a5fddd735c
    SHA-256: c44499a9737ac68671e166e070710d585e5e4555859758ab09cf5d757f4dd1a3
    Size: 165.93 kB
  6. nscd-2.12-1.149.AXS4.7.x86_64.rpm
    MD5: 98e84a0fb813a3c47edfdfeb1cc4e3a5
    SHA-256: 9386df3f69b7cc5fda917f6bbda43bdd85327f2653b69ec8ad7756b50568e937
    Size: 223.75 kB
  7. glibc-2.12-1.149.AXS4.7.i686.rpm
    MD5: 349953a98186a31a86c270aea58d6813
    SHA-256: 5cb5d1f79308587aea762876bbd80ab5fc28994c3a08a908904309d929cb73ae
    Size: 4.34 MB
  8. glibc-devel-2.12-1.149.AXS4.7.i686.rpm
    MD5: ac9d7ed18dccc7ad40977235244d4d4a
    SHA-256: 557f55bdb18a06c63df50c2e8ff23611243fec9a1d792a03bfc3ffe5cf2a0904
    Size: 0.96 MB