安全公告详情

NS-SA-2019-0031

2019-07-17 14:56:03

简介

important: bind/tomcat security update

严重级别

important

主题

An update for bind/tomcat is now available for NewStart CGSL MAIN 5.04/CGSL CORE 5.04.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

bind: BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly.
tomcat: Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world.


Security Fix(es):
bind: A denial of service flaw was discovered in bind versions that include the "deny-answer-aliases" feature. This flaw may allow a remote attacker to trigger an INSIST assert in named leading to termination of the process and a denial of service condition.(CVE-2018-5740)
bind: bugfix
tomcat: An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.(CVE-2018-1336)
tomcat: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.04.F7.

影响组件

  • bind
  • tomcat

影响产品

  • CGSL MAIN 5.04
  • CGSL CORE 5.04

更新包

{"fix":[{"product":"CGSL MAIN 5.04","pkgs":[{"binary":["bind-9.9.4-61.el7_5.1.x86_64.rpm","bind-chroot-9.9.4-61.el7_5.1.x86_64.rpm","bind-debuginfo-9.9.4-61.el7_5.1.x86_64.rpm","bind-devel-9.9.4-61.el7_5.1.x86_64.rpm","bind-libs-9.9.4-61.el7_5.1.x86_64.rpm","bind-libs-lite-9.9.4-61.el7_5.1.x86_64.rpm","bind-license-9.9.4-61.el7_5.1.noarch.rpm","bind-lite-devel-9.9.4-61.el7_5.1.x86_64.rpm","bind-pkcs11-9.9.4-61.el7_5.1.x86_64.rpm","bind-pkcs11-devel-9.9.4-61.el7_5.1.x86_64.rpm","bind-pkcs11-libs-9.9.4-61.el7_5.1.x86_64.rpm","bind-pkcs11-utils-9.9.4-61.el7_5.1.x86_64.rpm","bind-sdb-9.9.4-61.el7_5.1.x86_64.rpm","bind-sdb-chroot-9.9.4-61.el7_5.1.x86_64.rpm","bind-utils-9.9.4-61.el7_5.1.x86_64.rpm"],"source":"bind-9.9.4-61.el7_5.1.src.rpm"},{"binary":["tomcat-7.0.76-8.el7_5.noarch.rpm","tomcat-admin-webapps-7.0.76-8.el7_5.noarch.rpm","tomcat-docs-webapp-7.0.76-8.el7_5.noarch.rpm","tomcat-el-2.2-api-7.0.76-8.el7_5.noarch.rpm","tomcat-javadoc-7.0.76-8.el7_5.noarch.rpm","tomcat-jsp-2.2-api-7.0.76-8.el7_5.noarch.rpm","tomcat-jsvc-7.0.76-8.el7_5.noarch.rpm","tomcat-lib-7.0.76-8.el7_5.noarch.rpm","tomcat-servlet-3.0-api-7.0.76-8.el7_5.noarch.rpm","tomcat-webapps-7.0.76-8.el7_5.noarch.rpm"],"source":"tomcat-7.0.76-8.el7_5.src.rpm"}]},{"product":"CGSL CORE 5.04","pkgs":[{"binary":["bind-utils-9.9.4-61.el7_5.1.x86_64.rpm","bind-9.9.4-61.el7_5.1.x86_64.rpm","bind-chroot-9.9.4-61.el7_5.1.x86_64.rpm","bind-debuginfo-9.9.4-61.el7_5.1.x86_64.rpm","bind-devel-9.9.4-61.el7_5.1.x86_64.rpm","bind-libs-9.9.4-61.el7_5.1.x86_64.rpm","bind-libs-lite-9.9.4-61.el7_5.1.x86_64.rpm","bind-license-9.9.4-61.el7_5.1.noarch.rpm","bind-lite-devel-9.9.4-61.el7_5.1.x86_64.rpm","bind-pkcs11-9.9.4-61.el7_5.1.x86_64.rpm","bind-pkcs11-devel-9.9.4-61.el7_5.1.x86_64.rpm","bind-pkcs11-libs-9.9.4-61.el7_5.1.x86_64.rpm","bind-pkcs11-utils-9.9.4-61.el7_5.1.x86_64.rpm","bind-sdb-9.9.4-61.el7_5.1.x86_64.rpm","bind-sdb-chroot-9.9.4-61.el7_5.1.x86_64.rpm"],"source":"bind-9.9.4-61.el7_5.1.src.rpm"},{"binary":["tomcat-7.0.76-8.el7_5.noarch.rpm","tomcat-admin-webapps-7.0.76-8.el7_5.noarch.rpm","tomcat-docs-webapp-7.0.76-8.el7_5.noarch.rpm","tomcat-el-2.2-api-7.0.76-8.el7_5.noarch.rpm","tomcat-javadoc-7.0.76-8.el7_5.noarch.rpm","tomcat-jsp-2.2-api-7.0.76-8.el7_5.noarch.rpm","tomcat-jsvc-7.0.76-8.el7_5.noarch.rpm","tomcat-lib-7.0.76-8.el7_5.noarch.rpm","tomcat-servlet-3.0-api-7.0.76-8.el7_5.noarch.rpm","tomcat-webapps-7.0.76-8.el7_5.noarch.rpm"],"source":"tomcat-7.0.76-8.el7_5.src.rpm"}]}]}

CVE

参考