glibc-2.12-1.209.AXS4
Errata ID: AXSA:2017-1373:01
Release date:
2017/03/22 Wednesday - 23:09
Title:
glibc-2.12-1.209.AXS4
Affected channels:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
Moderate
Description:
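The following items have been addressed.
[Security Fix]
- The GNU C Library contains multiple stack-based buffer overflows that
allow an attacker to cause a denial of service (application crash) or
possibly execute arbitrary code by passing a long argument to the
(1) nan, (2) nanf, or (3) nanl function.
(CVE-2014-9761)
- The strftime function in the GNU C Library has a vulnerability that
allows an attacker to cause a denial of service (application crash) or
possibly obtain sensitive information via an out-of-range time value. (CVE-2015-8776)
- The GNU C Library contains an integer overflow that allows an attacker
to cause a denial of service (application crash) or execute arbitrary
code via the size argument to the __hcreate_r function, which triggers
heap memory access. (CVE-2015-8778)
- The catopen function in the GNU C Library contains a stack-based buffer
overflow that allows an attacker to cause a denial of service
(application crash) or possibly execute arbitrary code via out-of-bounds
heap memory access. (CVE-2015-8779)
The translated text for some CVEs is quoted from JVN.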
http://jvndb.jvn.jp/
Solution:
Update the packages.
CVE:
CVE-2014-9761
Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.
CVE-2015-8776
The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.
CVE-2015-8778
Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.
CVE-2015-8779
Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.
Additional information:
N/A
Downloads:
SRPMS
- glibc-2.12-1.209.AXS4.src.rpm
Size: 15.98 MB
Asianux Server 4 for x86
- glibc-2.12-1.209.AXS4.i686.rpm
Size: 4.36 MB
- glibc-common-2.12-1.209.AXS4.i686.rpm
Size: 14.22 MB
- glibc-devel-2.12-1.209.AXS4.i686.rpm
Size: 0.97 MB
- glibc-headers-2.12-1.209.AXS4.i686.rpm
Size: 626.92 kB
- glibc-utils-2.12-1.209.AXS4.i686.rpm
Size: 175.09 kB
- nscd-2.12-1.209.AXS4.i686.rpm
Size: 229.75 kB
Asianux Server 4 for x86_64
- glibc-2.12-1.209.AXS4.x86_64.rpm
Size: 3.82 MB
- glibc-common-2.12-1.209.AXS4.x86_64.rpm
Size: 14.23 MB
- glibc-devel-2.12-1.209.AXS4.x86_64.rpm
Size: 0.97 MB
- glibc-headers-2.12-1.209.AXS4.x86_64.rpm
Size: 618.52 kB
- glibc-utils-2.12-1.209.AXS4.x86_64.rpm
Size: 173.04 kB
- nscd-2.12-1.209.AXS4.x86_64.rpm
Size: 230.96 kB
- glibc-2.12-1.209.AXS4.i686.rpm
Size: 4.36 MB
- glibc-devel-2.12-1.209.AXS4.i686.rpm
Size: 0.97 MB