tang-7-8.el8

エラータID: AXSA:2023-7186:03

Release date: 
Friday, December 22, 2023 - 22:56
Subject: 
tang-7-8.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

Tang is a server for binding data to network presence. It includes a daemon which provides cryptographic operations for binding to a remote service. The tang package provides the server side of the Network Bound Disk Encryption (NBDE) project.

Security Fix(es):

* tang: Race condition exists in the key generation and rotation functionality (CVE-2023-1672)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 8.9 Release Notes linked from the References section.

CVE-2023-1672
A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host.

Solution: 

Update packages.

CVEs: 
CVE-2023-1672
A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host.
Additional Info: 

N/A

Download: 

SRPMS
  1. tang-7-8.el8.src.rpm
    MD5: 5a3f5cc2469be2258b5b17bbf7b5c28e
    SHA-256: ddb76490dc44fb526b901355be95b0866a3b3374f5a2c9f68f628068bab0c9c9
    Size: 136.87 kB

Asianux Server 8 for x86_64
  1. tang-7-8.el8.x86_64.rpm
    MD5: bf7ce61e3b59d776a16c26275c40c7f3
    SHA-256: c8d4485e898f0dbf39cfb37c773641e7ec058b53d20c11f3108b5ed844a0479f
    Size: 46.07 kB