openssl-1.0.2k-16.0.1.el7.AXS7
エラータID: AXSA:2019-3727:01
リリース日:
2019/02/25 Monday - 05:07
題名:
openssl-1.0.2k-16.0.1.el7.AXS7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- X.509 証明書における IPAddressFamily 拡張の解析中に, 1バイト
多く読み込みすぎる可能性があります。これにより, 証明書の表示が誤った
ものになる脆弱性があります。(CVE-2017-3735)
- Libcrypt が ECDSA シグネチャの際, メモリキャッシュサイドチャネル攻撃で
鍵が漏洩する恐れがある脆弱性があります。(CVE-2018-0495)
- DH(E) 法に基づいた TLS ハンドシェイクを用いた暗号鍵の交換中,
悪意のあるサーバから, 巨大な素数をクライアントに送ることができます。
その素数により, クライアントは鍵生成に膨大な時間を費やしてしまい,
鍵生成が完了する前に DoS を引き起こす脆弱性があります。(CVE-2018-0732)
- OpenSSL による RSA 鍵生成アルゴリズムが, キャッシュを行う瞬間に,
サイドチャネル攻撃に弱い脆弱性があります。(CVE-2018-0737)
- ANS.1 で構成された再帰的定義が, 悪意のある過度な再帰を含む入力により,
結果的にスタックオーバーフローを起こす DoS 攻撃を受ける脆弱性が
あります。(CVE-2018-0739)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2017-3735
While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.
While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.
CVE-2018-0495
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
CVE-2018-0732
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).
CVE-2018-0737
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).
CVE-2018-0739
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).
追加情報:
N/A
ダウンロード:
SRPMS
- openssl-1.0.2k-16.el7.src.rpm
MD5: 3562ffeff775c6a0eb79fe1de01d0c4c
SHA-256: f92416a2c57218b95888346ea04f3bb03e11971b6d7f6030eb5399ba3fdd84af
Size: 3.57 MB
Asianux Server 7 for x86_64
- openssl-1.0.2k-16.el7.x86_64.rpm
MD5: dafdd504d0a91addc76b1bdcd4b38704
SHA-256: 37906d4fdc7c8077e89c2adce36db2942d9b068c65658706ab4fde31edef04c8
Size: 491.66 kB - openssl-devel-1.0.2k-16.el7.x86_64.rpm
MD5: c727878a006c0c82e9c5a15f5583dabf
SHA-256: 1c194eafa67d262f18083eccc658123053b0cf9b60b7fc73bef45f87d634897e
Size: 1.51 MB - openssl-libs-1.0.2k-16.el7.x86_64.rpm
MD5: 895b72350887e1fdd00e1fa9c09bd901
SHA-256: 4d90a3a331f424d4bee50f1163a537ae3130136d7fed89267c9ce0ac9bd1adfe
Size: 1.19 MB - openssl-devel-1.0.2k-16.el7.i686.rpm
MD5: dc2057214af3a5474833324942ee04dd
SHA-256: 054a8ba553fc44a49567948f89dbb54fb5cccd6836dbb9b7cea8829209612bd5
Size: 1.51 MB - openssl-libs-1.0.2k-16.el7.i686.rpm
MD5: 6ffd289288d7315be389f0d58b5e1282
SHA-256: 11ec9855762ab8eea3631e2e0765f4fbb174445e7c31f647ecf201bb2173e917
Size: 0.97 MB
English