An update for aide is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2022-1523
Final
1.0
1.0
2022-02-11
Initial
2022-02-11
2022-02-11
openEuler SA Tool V1.0
2022-02-11
aide security update
An update for aide is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3.
AIDE (Advanced Intrusion Detection Environment) is a file and directory integrity checker. It creates a database from the regular expression rules that it finds from the config file(s). Once this database is initialized it can be used to verify the integrity of the files.
Security Fix(es):
AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.(CVE-2021-45417)
An update for aide is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3.
openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
High
aide
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1523
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-45417
https://nvd.nist.gov/vuln/detail/CVE-2021-45417
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3
aide-debugsource-0.16.2-2.oe1.aarch64.rpm
aide-debuginfo-0.16.2-2.oe1.aarch64.rpm
aide-0.16.2-2.oe1.aarch64.rpm
aide-0.16.2-2.oe1.aarch64.rpm
aide-debugsource-0.16.2-2.oe1.aarch64.rpm
aide-debuginfo-0.16.2-2.oe1.aarch64.rpm
aide-0.16.2-3.oe1.aarch64.rpm
aide-debugsource-0.16.2-3.oe1.aarch64.rpm
aide-debuginfo-0.16.2-3.oe1.aarch64.rpm
aide-help-0.16.2-2.oe1.noarch.rpm
aide-help-0.16.2-2.oe1.noarch.rpm
aide-help-0.16.2-3.oe1.noarch.rpm
aide-0.16.2-2.oe1.src.rpm
aide-0.16.2-2.oe1.src.rpm
aide-0.16.2-3.oe1.src.rpm
aide-debuginfo-0.16.2-2.oe1.x86_64.rpm
aide-0.16.2-2.oe1.x86_64.rpm
aide-debugsource-0.16.2-2.oe1.x86_64.rpm
aide-0.16.2-2.oe1.x86_64.rpm
aide-debugsource-0.16.2-2.oe1.x86_64.rpm
aide-debuginfo-0.16.2-2.oe1.x86_64.rpm
aide-debugsource-0.16.2-3.oe1.x86_64.rpm
aide-debuginfo-0.16.2-3.oe1.x86_64.rpm
aide-0.16.2-3.oe1.x86_64.rpm
AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.
2022-02-11
CVE-2021-45417
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3
High
7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
aide security update
2022-02-11
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1523