glibc-2.17-106.el7.4
エラータID: AXSA:2016-096:01
リリース日:
2016/02/17 Wednesday - 15:44
題名:
glibc-2.17-106.el7.4
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- glibc の calloc 関数は,適切にメモリエリアを初期化しておらず,攻撃
者がサービス拒否 (ハングあるいはクラッシュ) を引き起こす脆弱性がありま
す。(CVE-2015-5229)
- glibc の libresolv ライブラリの (1) send_dg, (2) send_vc 関数には,
複数のスタックベースのバッファーオーバーフローが存在し,AF_UNSPEC あるい
は AF_INET6 アドレスファミリーを持つ getaddinfo 関数の呼び出しを引き起
こす,巧妙に細工された DNS レスポンスによって,リモートの攻撃者がサービス
拒否 (クラッシュ) を引き起こす,あるいは任意のコードを実行する可能性のある
脆弱性があります。(CVE-2015-7547)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2015-5229
The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors.
The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors.
CVE-2015-7547
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
追加情報:
N/A
ダウンロード:
SRPMS
- glibc-2.17-106.el7.4.src.rpm
MD5: 1e51d57106294c0c34640e56cef49dc6
SHA-256: 69d72fb2f196d0c47c6d24d864ec53e89d055d6248fa1f1dccf187ec5964c076
Size: 23.09 MB
Asianux Server 7 for x86_64
- glibc-2.17-106.el7.4.x86_64.rpm
MD5: 72b7cb92e034778ab269057de0355d09
SHA-256: 00a208dc52e3268b9a6654e5c4d5a3fd5ac3f9bcf209684613398d86b2a7bfca
Size: 3.58 MB - glibc-common-2.17-106.el7.4.x86_64.rpm
MD5: 77f49e6ae6db29d10cbc6dad003a3d37
SHA-256: 1bfd2cd7229ef5a2981abffc5a9a7007e170c034203b95f4d8cc43ac1b4fdb44
Size: 11.47 MB - glibc-devel-2.17-106.el7.4.x86_64.rpm
MD5: e61acffe15e292d9c6fc328db82ea1d3
SHA-256: e5290a0599761203e8dc22a008476dfbc67742441cd52ce7b0124e4a61b4b57c
Size: 1.05 MB - glibc-headers-2.17-106.el7.4.x86_64.rpm
MD5: 779fda5409888fa681adea120ca3c84d
SHA-256: 8a4416c53ef04429930192039f875293f5ceaefbc044df5e776c8cd3831a67a7
Size: 660.66 kB - glibc-utils-2.17-106.el7.4.x86_64.rpm
MD5: 052258044e637902d614d62daf5a2b35
SHA-256: 22cc47123eb5f9e33cf5884f42f564ebeb08d58b2fd5f587b5b429bd57160353
Size: 201.31 kB - nscd-2.17-106.el7.4.x86_64.rpm
MD5: aa1fe46c3ab76b2859fb469db9edc3c3
SHA-256: 5611ae4811d448b1e50e10624e4cda03b870331543a6cec42330ca4bd4570ba8
Size: 259.81 kB - glibc-2.17-106.el7.4.i686.rpm
MD5: 10faa6f00d765c196737ce74fc1f1545
SHA-256: 4fd70b64a400f5c68ef7b20cb303b5e71a404691e28b39411cadc0c41b68d36e
Size: 4.18 MB - glibc-devel-2.17-106.el7.4.i686.rpm
MD5: 842e4486191ef2f7a2c2a6a3b8f17927
SHA-256: b2546dfeb19ed06bf5b2d9cf6ceb5524d0aba15dd44ae96d177ce6e47a58c68f
Size: 1.05 MB
English