yum-utils-1.1.30-42.AXS4
Errata ID: AXSA:2018-3265:02
Release date:
2018/07/30 Monday - 20:53
Title:
yum-utils-1.1.30-42.AXS4
Affected channels:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
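The following issue has been addressed.
[Security Fix]
- A directory traversal issue exists in reposync, a part of yum-utils:
reposync fails to sanitize paths in remote repository configuration files.
An attacker may be able to copy files outside of the destination directory
on the target system via path traversal. If reposync is running with high
privileges, this flaw can result in system compromise through the
overwriting of critical system files.
(CVE-2018-10897)
Some of the CVE translations are quoted from JVN.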
http://jvndb.jvn.jp/
Solution:
Update the packages.
CVE:
CVE-2018-10897
A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older are believed to be affected.
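The containment check this class of flaw calls for, shown as an added example: it is not the yum-utils code or the fix shipped in this update. The function names and the sample paths are hypothetical and constructed for illustration.

```python
import os
import tempfile


class UnsafePathError(ValueError):
    """Raised when a repository-supplied path would leave the destination."""


def naive_destination(dest_root, remote_relpath):
    # Pattern to avoid: the repository-supplied path is joined as-is, so
    # ".." components or an absolute path decide where the file lands.
    return os.path.normpath(os.path.join(dest_root, remote_relpath))


def safe_destination(dest_root, remote_relpath):
    # Resolve symlinks and ".." in both paths, then require that the result
    # is strictly inside the destination directory.
    root = os.path.realpath(dest_root)
    candidate = os.path.realpath(os.path.join(root, remote_relpath))
    if candidate == root or os.path.commonpath([root, candidate]) != root:
        raise UnsafePathError("path escapes %s: %r" % (root, remote_relpath))
    return candidate


def check_listing(dest_root, relpaths):
    """Split repository-supplied paths into accepted and rejected lists."""
    accepted, rejected = [], []
    for rel in relpaths:
        try:
            accepted.append(safe_destination(dest_root, rel))
        except UnsafePathError:
            rejected.append(rel)
    return accepted, rejected


# Constructed sample input, not taken from any real repository.
SAMPLE_PATHS = [
    "Packages/foo-1.0-1.noarch.rpm",
    "Packages/./sub/../bar-2.0-1.noarch.rpm",
    "../../escaped.rpm",
    "/abs/elsewhere.rpm",
]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as dest:
        ok, bad = check_listing(dest, SAMPLE_PATHS)
        print("accepted:", ok)
        print("rejected:", bad)
```

Running the sync job as an unprivileged user with write access only to the mirror directory limits the impact if such a check is ever missing.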
Additional information:
N/A
Downloads:
SRPMS
- yum-utils-1.1.30-42.AXS4.src.rpm
Size: 292.21 kB
Asianux Server 4 for x86
- yum-plugin-aliases-1.1.30-42.AXS4.noarch.rpm
Size: 29.57 kB
- yum-plugin-changelog-1.1.30-42.AXS4.noarch.rpm
Size: 32.87 kB
- yum-plugin-ovl-1.1.30-42.AXS4.noarch.rpm
Size: 26.00 kB
- yum-plugin-security-1.1.30-42.AXS4.noarch.rpm
Size: 42.83 kB
- yum-plugin-tmprepo-1.1.30-42.AXS4.noarch.rpm
Size: 29.65 kB
- yum-plugin-verify-1.1.30-42.AXS4.noarch.rpm
Size: 34.44 kB
- yum-plugin-versionlock-1.1.30-42.AXS4.noarch.rpm
Size: 32.10 kB
- yum-utils-1.1.30-42.AXS4.noarch.rpm
Size: 113.68 kB
Asianux Server 4 for x86_64
- yum-plugin-aliases-1.1.30-42.AXS4.noarch.rpm
Size: 29.12 kB
- yum-plugin-changelog-1.1.30-42.AXS4.noarch.rpm
Size: 32.42 kB
- yum-plugin-ovl-1.1.30-42.AXS4.noarch.rpm
Size: 25.55 kB
- yum-plugin-security-1.1.30-42.AXS4.noarch.rpm
Size: 42.38 kB
- yum-plugin-tmprepo-1.1.30-42.AXS4.noarch.rpm
Size: 29.20 kB
- yum-plugin-verify-1.1.30-42.AXS4.noarch.rpm
Size: 33.99 kB
- yum-plugin-versionlock-1.1.30-42.AXS4.noarch.rpm
Size: 31.65 kB
- yum-utils-1.1.30-42.AXS4.noarch.rpm
Size: 113.23 kB