nspr-4.25.0-2.el8, nss-3.53.1-11.0.1.el8
Errata ID: AXSA:2020-690:01
Release date:
2020/10/13 Tuesday - 10:11
Title:
nspr-4.25.0-2.el8, nss-3.53.1-11.0.1.el8
Affected channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
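The following issues have been addressed.
[Security Fix]
- nspr has an improper reference-counting issue with soft token session objects, which can cause a use-after-free and a crash (likely limited to a denial of service). (CVE-2019-11756)
- nspr has a vulnerability in which a client that negotiates a protocol lower than TLS 1.3 immediately after a HelloRetryRequest has been sent causes an invalid state transition in the TLS state machine; while the client is in this state, incoming Application Data records are ignored. (CVE-2019-17023)
- While generating RSA keys, nspr uses in its bignum implementation a variation of the Binary Extended Euclidean Algorithm that entails input-dependent flow, which allows an attacker to perform electromagnetic-based side-channel attacks and record traces in order to recover important secrets. (CVE-2020-12402)
- Information on CVE-2019-17006 has not been published at this time. This advisory will be updated as soon as the CVE information is published.
Solution:
Update the packages.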
CVE:
CVE-2019-11756
Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox < 71.
CVE-2019-17006
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-17023
After a HelloRetryRequest has been sent, the client may negotiate a lower protocol than TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox < 72.
CVE-2020-12402
During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. *Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. This vulnerability affects Firefox < 78.
Additional information:
N/A
Downloads:
SRPMS
- nspr-4.25.0-2.el8.src.rpm
Size: 1.05 MB
- nss-3.53.1-11.0.1.el8.src.rpm
Size: 136.45 MB
Asianux Server 8 for x86_64
- nspr-4.25.0-2.el8.x86_64.rpm
Size: 141.00 kB
- nspr-devel-4.25.0-2.el8.x86_64.rpm
Size: 119.20 kB
- nss-3.53.1-11.0.1.el8.x86_64.rpm
Size: 720.75 kB
- nss-devel-3.53.1-11.0.1.el8.x86_64.rpm
Size: 268.04 kB
- nss-softokn-3.53.1-11.0.1.el8.x86_64.rpm
Size: 482.47 kB
- nss-softokn-devel-3.53.1-11.0.1.el8.x86_64.rpm
Size: 65.54 kB
- nss-softokn-freebl-3.53.1-11.0.1.el8.x86_64.rpm
Size: 288.57 kB
- nss-softokn-freebl-devel-3.53.1-11.0.1.el8.x86_64.rpm
Size: 117.47 kB
- nss-sysinit-3.53.1-11.0.1.el8.x86_64.rpm
Size: 70.40 kB
- nss-tools-3.53.1-11.0.1.el8.x86_64.rpm
Size: 558.61 kB
- nss-util-3.53.1-11.0.1.el8.x86_64.rpm
Size: 133.92 kB
- nss-util-devel-3.53.1-11.0.1.el8.x86_64.rpm
Size: 128.82 kB
- nspr-4.25.0-2.el8.i686.rpm
Size: 151.08 kB
- nspr-devel-4.25.0-2.el8.i686.rpm
Size: 119.24 kB
- nss-3.53.1-11.0.1.el8.i686.rpm
Size: 794.32 kB
- nss-devel-3.53.1-11.0.1.el8.i686.rpm
Size: 271.58 kB
- nss-softokn-3.53.1-11.0.1.el8.i686.rpm
Size: 517.03 kB
- nss-softokn-devel-3.53.1-11.0.1.el8.i686.rpm
Size: 65.58 kB
- nss-softokn-freebl-3.53.1-11.0.1.el8.i686.rpm
Size: 276.71 kB
- nss-softokn-freebl-devel-3.53.1-11.0.1.el8.i686.rpm
Size: 116.86 kB
- nss-util-3.53.1-11.0.1.el8.i686.rpm
Size: 136.91 kB
- nss-util-devel-3.53.1-11.0.1.el8.i686.rpm
Size: 128.86 kB