openssl-1.1.1g-11.el8
Errata ID: AXSA:2021-1089:01
Release date:
2021/01/06 Wednesday - 05:40
Title:
openssl-1.1.1g-11.el8
Affected channels:
Asianux Server 8 for x86_64
Severity:
Low
Description:
The following issues have been addressed.
[Security Fix]
- There is an overflow issue in the x64_64 Montgomery squaring procedure in openssl used with 512-bit moduli. Applications that directly use the low-level API (BN_mod_exp) may be affected by this vulnerability if they use BN_FLG_CONSTTIME. (CVE-2019-1551)
The translated text for some CVEs is quoted from JVN.
http://jvndb.jvn.jp/
Solution:
Update the packages.
CVE:
CVE-2019-1551
There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).
Additional information:
N/A
Download:
SRPMS
- openssl-1.1.1g-11.el8.src.rpm
MD5: c8d8ee20e1a672d4be87594f4e545c3f
SHA-256: 0123af3d384c630560b46cee1ec273165a636d83c39264a87477eea20797bcee
Size: 7.19 MB
Asianux Server 8 for x86_64
- openssl-1.1.1g-11.el8.x86_64.rpm
MD5: 2a611d8566bc8f130edec17bdb041e9e
SHA-256: 19fb8a00c91da53e1937fd0275743b01db454e9400d7b3d38fc48fc21ef0e19e
Size: 705.38 kB
- openssl-devel-1.1.1g-11.el8.x86_64.rpm
MD5: b6d237f24c3cee54ae0a0223c61c4599
SHA-256: a6b9b731a296adc03d236c53ee2ac961a911fd7751a756acf0248791d99be522
Size: 2.32 MB
- openssl-libs-1.1.1g-11.el8.x86_64.rpm
MD5: 5b0995ca406d5423aace63620d86233b
SHA-256: d0be7a850aeeba2c350a68159d810061c2a65d0be5300be44ea911aebc077666
Size: 1.46 MB
- openssl-perl-1.1.1g-11.el8.x86_64.rpm
MD5: 599c3829814815b76168cefa22060818
SHA-256: c42226a63db130dfddfd279e2591ce84f5c9abd2ca68dc32a5817d91b434633f
Size: 78.43 kB
- openssl-devel-1.1.1g-11.el8.i686.rpm
MD5: f92c503ebca32ec15759b16a434e8b4b
SHA-256: 11b08d6b88b9703959fccd11c0c5126da8d00bca095a66ab2478086b35a16f18
Size: 2.32 MB
- openssl-libs-1.1.1g-11.el8.i686.rpm
MD5: 968ce3aa90683519e644cd6193ff2600
SHA-256: 4679408d4fed90a84fd21090b0a1b27d015ba0cf02151a9ec2e063b0ad8b2a8a
Size: 1.47 MB