curl-7.29.0-42.el7.1
Errata ID: AXSA:2017-2424:02
Release date:
2017/12/04 Monday - 16:31
Title:
curl-7.29.0-42.el7.1
Affected channels:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
The following items have been addressed.
[Security Fix]
- A heap-based buffer overflow exists in libcurl. When an IMAP FETCH
response line returns 0, an out-of-bounds memory read lets an attacker
crash the application, or causes the read memory contents to be passed to
the application as if they had actually been downloaded.
(CVE-2017-1000257)
Some CVE descriptions are translations quoted from JVN.
http://jvndb.jvn.jp/
Solution:
Please update the packages.
CVE:
CVE-2017-1000257
An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that (non-existing) data with a pointer and the size (zero) to the deliver-data function. libcurl's deliver-data function treats zero as a magic number and invokes strlen() on the data to figure out the length. The strlen() is called on a heap based buffer that might not be zero terminated so libcurl might read beyond the end of it into whatever memory lies after (or just crash) and then deliver that to the application as if it was actually downloaded.
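Added example, not part of this advisory and not curl's own code: a simplified model in C of the FETCH-response path described above. The literal parser, the deliver_data function, the buffer layout and the function names are assumptions for illustration. The hardened deliver_data takes the byte count only from its caller and treats zero as zero bytes, which is the behaviour the fix restores, instead of recomputing the length with strlen() on a heap buffer that is not guaranteed to be NUL-terminated.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse the byte count from an IMAP literal "{N}" at the end of a FETCH
 * response line, e.g. "* 1 FETCH (BODY[] {0})" (RFC 3501 literal syntax).
 * Returns -1 if the line carries no literal. Hypothetical helper. */
long imap_fetch_literal_size(const char *line)
{
    const char *open = strrchr(line, '{');
    if (!open)
        return -1;
    char *end = NULL;
    long n = strtol(open + 1, &end, 10);
    if (end == open + 1 || *end != '}' || n < 0)
        return -1;
    return n;
}

/* Hardened deliver-data (hypothetical): the length always comes from the
 * caller's explicit count and is never recomputed with strlen(). A
 * zero-byte literal therefore delivers exactly zero bytes and reads no
 * memory at all. The vulnerable pattern this replaces treated len == 0 as
 * "measure it with strlen()", which on a non-terminated heap buffer reads
 * past its end. Returns the number of bytes copied into out. */
size_t deliver_data(const unsigned char *data, size_t len,
                    unsigned char *out, size_t outcap)
{
    if (len == 0)
        return 0;               /* zero means zero, not "use strlen()" */
    if (len > outcap)
        len = outcap;
    memcpy(out, data, len);
    return len;
}

/* Simulate receiving one FETCH response: parse the literal size, place the
 * body in a heap buffer that is deliberately NOT NUL-terminated (like a
 * raw receive buffer), then hand buffer and size to deliver_data. */
size_t handle_fetch_response(const char *line, const char *body_bytes,
                             unsigned char *out, size_t outcap)
{
    long size = imap_fetch_literal_size(line);
    if (size < 0)
        return 0;
    unsigned char *body = malloc(size ? (size_t)size : 1);
    if (!body)
        return 0;
    memcpy(body, body_bytes, (size_t)size);   /* no terminator appended */
    size_t got = deliver_data(body, (size_t)size, out, outcap);
    free(body);
    return got;
}

int main(void)
{
    unsigned char out[64];
    /* Constructed sample responses. */
    size_t n0 = handle_fetch_response("* 1 FETCH (BODY[] {0})", "", out, sizeof out);
    size_t n5 = handle_fetch_response("* 1 FETCH (BODY[] {5})", "hello", out, sizeof out);
    printf("zero-byte literal delivered %zu bytes\n", n0);
    printf("five-byte literal delivered %zu bytes: %.5s\n", n5, out);
    return 0;
}
```

The contrast is the `len == 0` branch: with the explicit count honoured, a server answering `{0}` hands the application nothing, whereas the magic-zero interpretation would have walked the heap until the first NUL byte.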
Additional information:
N/A
Downloads:
SRPMS
- curl-7.29.0-42.el7.1.src.rpm
MD5: f0b33b9736cb9d8229b725c186bc9051
SHA-256: 335081adc388377b0a89020b34af470ea02b6c5367eb579c6dab30eb81ac5f8b
Size: 2.20 MB
Asianux Server 7 for x86_64
- curl-7.29.0-42.el7.1.x86_64.rpm
MD5: 0ad2a03c892f49f05aa5d6faa57fa0f4
SHA-256: 13914a1ce3575947ccf4328a086bf4a65b34480e578a7b4968ae93994308c110
Size: 266.00 kB
- libcurl-7.29.0-42.el7.1.x86_64.rpm
MD5: e3e14cce595502f223a069a36c5cb6dd
SHA-256: cebcf1eab95105c2b07fec1f9e9ce25b14969b5f0178d3e132c37ee6806f91ac
Size: 218.59 kB
- libcurl-devel-7.29.0-42.el7.1.x86_64.rpm
MD5: b0d956ebbc49cd63c4bbdd99f3e714c5
SHA-256: 5b4e5a084af9bb8718d76cf7a54c1424ebe579db3dd77b82b9eab574307065bb
Size: 298.81 kB
- libcurl-7.29.0-42.el7.1.i686.rpm
MD5: 83d8ad9eb5b6f76a8a56bb9f7efc01b2
SHA-256: 22dc56b29993582f288c3b8589e762bb9805ef1068e372070b0a373a144433cf
Size: 221.00 kB
- libcurl-devel-7.29.0-42.el7.1.i686.rpm
MD5: f13c9f7d090be23342af634f0edf0e07
SHA-256: 1ed0547e27248fe17142316555895e0aea9b28cc1673779a463296b5dbb1ab10
Size: 298.88 kB