glibc-2.12-1.209.AXS4.2
エラータID: AXSA:2017-1703:03
リリース日:
2017/06/21 Wednesday - 07:47
題名:
glibc-2.12-1.209.AXS4.2
影響のあるチャネル:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- glibc には巧妙に細工された LD_LIBRARY_PATH 値によって、攻撃者が
ヒープとスタックを操作し、その結果、ヒープとスタックの両者が同じ領域を
指すことで、任意のコードを実行する可能性のある脆弱性があります。
(CVE-2017-1000366)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2017-1000366
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.
追加情報:
N/A
ダウンロード:
SRPMS
- glibc-2.12-1.209.AXS4.2.src.rpm
MD5: 25f36bfb26b6338581147f31e067cfa9
SHA-256: fde1065fee66b6d4e647e99e31efd0a4f1fcf7345c72f4fb3338c56444ae0dac
Size: 15.99 MB
Asianux Server 4 for x86
- glibc-2.12-1.209.AXS4.2.i686.rpm
MD5: b12aec382111ce05a4e9425dee861e35
SHA-256: e1d79a3f782175a56cac4a2a791182e964234cbb96c11074e98f81816d564b5d
Size: 4.36 MB - glibc-common-2.12-1.209.AXS4.2.i686.rpm
MD5: 836dc7d613ffec030e09c67d15c6b89b
SHA-256: 9a834ccd646534195aca3e3ca117bed7e254dbcbf3e9e6ccc621da2285681216
Size: 14.22 MB - glibc-devel-2.12-1.209.AXS4.2.i686.rpm
MD5: 05fe1969f22d6aaeb1cec76068b6cc02
SHA-256: a133d1e1f7261b995338c70be61b671abb88f3f99b21d89ca7438b814ae8dad7
Size: 0.97 MB - glibc-headers-2.12-1.209.AXS4.2.i686.rpm
MD5: 50c75963f4ae49ebed76505cfd8fd799
SHA-256: 955d5e67b0bcb1fbd727ec9c6931ecd2871aa0161c93b1171cc274a00c41027c
Size: 627.16 kB - glibc-utils-2.12-1.209.AXS4.2.i686.rpm
MD5: 921cb14e6e5c6322785d506f93e612e8
SHA-256: 049911a9d81eaa67cf4cc3de4f1c0805c7b9f41b0b068ce513c52c5c9e3f0fcf
Size: 175.33 kB - nscd-2.12-1.209.AXS4.2.i686.rpm
MD5: d833244f58766d825c88019cfcc08f91
SHA-256: c38558af78adc0b4d76e59670dcf57b4d6e8f9492ccc32d9c94f3f3581a920a0
Size: 229.99 kB
Asianux Server 4 for x86_64
- glibc-2.12-1.209.AXS4.2.x86_64.rpm
MD5: 33a9ee8c0e7b98caaef19f0dec70b4e9
SHA-256: f921930754e788e9bf0799e5c0acdc634e4d9ea8fdeb09819ec1ab5f6beb5cd4
Size: 3.82 MB - glibc-common-2.12-1.209.AXS4.2.x86_64.rpm
MD5: b7920a1a63596ebfb6989a63783d88ab
SHA-256: ce3040d89fa25e48f29579c1dd25405663955f863dbeda6a65f27d94de5c4770
Size: 14.23 MB - glibc-devel-2.12-1.209.AXS4.2.x86_64.rpm
MD5: c0f62c214de59085b7586bd06cd572db
SHA-256: e9d124621b987da6da6c32ff6ae50952bd22b6681c627d48fac63e82d1b06848
Size: 0.97 MB - glibc-headers-2.12-1.209.AXS4.2.x86_64.rpm
MD5: 49fc0e2d23336532792af313c5663cb4
SHA-256: 71766771d334a0decc68e57eacd17a7b09a4211f887a71ae72f988db543071f3
Size: 618.74 kB - glibc-utils-2.12-1.209.AXS4.2.x86_64.rpm
MD5: a1400c83f02b24fbcb469ca6cdde345c
SHA-256: f571b38bbb07a5aae69f6fa0d6fa437d4b7ddaa4fbbc68c57dafe4add5eb3f77
Size: 173.29 kB - nscd-2.12-1.209.AXS4.2.x86_64.rpm
MD5: 7ba547279ce3f719f4837054fed0dadf
SHA-256: 47202dc7bb591409a434334214b09459ba943e5fe8e503ebaaef4c8c20c484a7
Size: 231.20 kB - glibc-2.12-1.209.AXS4.2.i686.rpm
MD5: b12aec382111ce05a4e9425dee861e35
SHA-256: e1d79a3f782175a56cac4a2a791182e964234cbb96c11074e98f81816d564b5d
Size: 4.36 MB - glibc-devel-2.12-1.209.AXS4.2.i686.rpm
MD5: 05fe1969f22d6aaeb1cec76068b6cc02
SHA-256: a133d1e1f7261b995338c70be61b671abb88f3f99b21d89ca7438b814ae8dad7
Size: 0.97 MB