glibc-2.17-157.el7.4
エラータID: AXSA:2017-1702:02
リリース日:
2017/06/20 Tuesday - 03:25
題名:
glibc-2.17-157.el7.4
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- glibc には巧妙に細工された LD_LIBRARY_PATH 値によって、攻撃者が
ヒープとスタックを操作し、その結果、ヒープとスタックの両者が同じ領域を
指すことで、任意のコードを実行する可能性のある脆弱性があります。
(CVE-2017-1000366)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2017-1000366
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.
追加情報:
N/A
ダウンロード:
SRPMS
- glibc-2.17-157.el7.4.src.rpm
MD5: 78d5dde81f6db3780e4da0f772812ec9
SHA-256: 4e733eb948bac7e68ac34434b8d07c7a90d5aa047d9236d83e731358d9491eb6
Size: 23.91 MB
Asianux Server 7 for x86_64
- glibc-2.17-157.el7.4.x86_64.rpm
MD5: b83d9af04807631492d1c705c270ff94
SHA-256: ae0d27ae8fe11218d52c02c1c8cc0cdb066498059de6f49a3ad84d9bf6a8366c
Size: 3.59 MB - glibc-common-2.17-157.el7.4.x86_64.rpm
MD5: 930bb6fe65b0c5f642285ed9830f79e5
SHA-256: 9143c3c40699c5e37d14f407051f06702f8cdd144cb8c8812d0c6e154dbea2cd
Size: 11.48 MB - glibc-devel-2.17-157.el7.4.x86_64.rpm
MD5: 9b07ecb5c7ea054848c070fbc18be22e
SHA-256: c893c9cdf592b6ee6409ae8fdb4cb186ad52b5de1c04e25bb584d5a48e4dfe50
Size: 1.05 MB - glibc-headers-2.17-157.el7.4.x86_64.rpm
MD5: 833e19a496ed6822f4b987a3f84e611d
SHA-256: 7258344b48abe2c20ba8db970c79c90ca06f0bdfb1a861e0e0379f7d6706c91b
Size: 667.82 kB - glibc-utils-2.17-157.el7.4.x86_64.rpm
MD5: 1aef7e18e6a678ac77b4ab1213ad79b7
SHA-256: da45e1b7c15ca2c435a5d31f38c2ec233a65d372a5e69c3946d98a7eb471b26e
Size: 207.95 kB - nscd-2.17-157.el7.4.x86_64.rpm
MD5: da03f27811992d4c7db6e2b36561cb06
SHA-256: 2f1aefc9c99be3bb9fffc6d90900c43e8cde3f39d51b830baebcbe117ff4de09
Size: 266.37 kB - glibc-2.17-157.el7.4.i686.rpm
MD5: 1896e15c7b3a778d631a12a4cdb914b0
SHA-256: 5fb2c4a81b4e1dfa065984e399fd88f2ba3e206fff791bb0bb2c1688bdbe107b
Size: 4.19 MB - glibc-devel-2.17-157.el7.4.i686.rpm
MD5: 4f3efd5afa99741a306574e9c08b1247
SHA-256: af65ed7582205421d9d35a75436f9eada63db1f6072f6f1ac7ad248562a4d2d2
Size: 1.06 MB