glibc-2.12-1.149.AXS4.7
エラータID: AXSA:2015-126:03
リリース日:
2015/05/08 Friday - 17:13
題名:
glibc-2.12-1.149.AXS4.7
影響のあるチャネル:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- glibc の resolv/res_send.c の send_dg 関数は,ファイルディスクリプタを適切に再利用しておらず,getaddrinfo 関数を呼び出す大量のリクエストによって,リモートの攻撃者が DNS クエリを意図しない場所へ送る脆弱性があります。(CVE-2013-7423)
現時点では CVE-2015-1781 の情報が公開されておりません。
CVE の情報が公開され次第情報をアップデートいたします。
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2013-7423
The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.
The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.
CVE-2015-1781
Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer.
Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer.
追加情報:
N/A
ダウンロード:
SRPMS
- glibc-2.12-1.149.AXS4.7.src.rpm
MD5: a10a97c6d35083e73b7aa0eba79e5e43
SHA-256: d7648aee9fa37ac017fbe9226b125cd195a1b06e0baccff6669c3d9a42ead012
Size: 15.44 MB
Asianux Server 4 for x86
- glibc-2.12-1.149.AXS4.7.i686.rpm
MD5: 349953a98186a31a86c270aea58d6813
SHA-256: 5cb5d1f79308587aea762876bbd80ab5fc28994c3a08a908904309d929cb73ae
Size: 4.34 MB - glibc-common-2.12-1.149.AXS4.7.i686.rpm
MD5: 8bfce1271dab9fca9cd0773e13cbea96
SHA-256: ef05468f68190c08f0daef55d44b474502fe41107520d05e09f47989810eab3f
Size: 14.18 MB - glibc-devel-2.12-1.149.AXS4.7.i686.rpm
MD5: ac9d7ed18dccc7ad40977235244d4d4a
SHA-256: 557f55bdb18a06c63df50c2e8ff23611243fec9a1d792a03bfc3ffe5cf2a0904
Size: 0.96 MB - glibc-headers-2.12-1.149.AXS4.7.i686.rpm
MD5: cd02617aaef456c250d85b472d0364e2
SHA-256: a432df6cbf1daca009db9cd8a48200a0360a64e5fe7b6a1bc6edd31ad047d713
Size: 619.47 kB - glibc-utils-2.12-1.149.AXS4.7.i686.rpm
MD5: 7023ac8ae1173866563470e7f9c07d85
SHA-256: 5ed287a218b2e236aad0ae4b937d99ddb4709950792be67a7bc6278740398193
Size: 167.76 kB - nscd-2.12-1.149.AXS4.7.i686.rpm
MD5: 0a17b914bd9dbd85d4e05378374cfe60
SHA-256: e62ae699f3bc85632fc3439a91a13ed7a5a7f31d2944f9b556c585a6fa48570a
Size: 222.53 kB
Asianux Server 4 for x86_64
- glibc-2.12-1.149.AXS4.7.x86_64.rpm
MD5: 94e2f6d496934a07dfde9d3392e02b57
SHA-256: 4c63ef9d16eb11082db9ce0680b403c2c5b7f3030988597efaafbec1e4ffb6dc
Size: 3.81 MB - glibc-common-2.12-1.149.AXS4.7.x86_64.rpm
MD5: ec8b3ab48a9e36b46fcd035cfd455da2
SHA-256: 7563b3f340d754162a83b49621b3f89020c50625760e838d5db6a9c41edf59cb
Size: 14.19 MB - glibc-devel-2.12-1.149.AXS4.7.x86_64.rpm
MD5: 45afb9f3597af76a8fae9782a7d56623
SHA-256: ada4fcbb985e242e97725199997b3b7b03d86eccb83da321ded840e86968324c
Size: 0.96 MB - glibc-headers-2.12-1.149.AXS4.7.x86_64.rpm
MD5: c4e66875cc86c3ec1df205416dffe1bf
SHA-256: 7c8d0bc961d642208854651b954d35cca74f22977facda8ab983b2285da2703b
Size: 611.00 kB - glibc-utils-2.12-1.149.AXS4.7.x86_64.rpm
MD5: 7bfdef7971a036af6eeb55a5fddd735c
SHA-256: c44499a9737ac68671e166e070710d585e5e4555859758ab09cf5d757f4dd1a3
Size: 165.93 kB - nscd-2.12-1.149.AXS4.7.x86_64.rpm
MD5: 98e84a0fb813a3c47edfdfeb1cc4e3a5
SHA-256: 9386df3f69b7cc5fda917f6bbda43bdd85327f2653b69ec8ad7756b50568e937
Size: 223.75 kB - glibc-2.12-1.149.AXS4.7.i686.rpm
MD5: 349953a98186a31a86c270aea58d6813
SHA-256: 5cb5d1f79308587aea762876bbd80ab5fc28994c3a08a908904309d929cb73ae
Size: 4.34 MB - glibc-devel-2.12-1.149.AXS4.7.i686.rpm
MD5: ac9d7ed18dccc7ad40977235244d4d4a
SHA-256: 557f55bdb18a06c63df50c2e8ff23611243fec9a1d792a03bfc3ffe5cf2a0904
Size: 0.96 MB