gnutls-3.6.14-7.0.1.el8
エラータID: AXSA:2021-1156:01
リリース日:
2021/01/14 Thursday - 04:51
題名:
gnutls-3.6.14-7.0.1.el8
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- GnuTLS は、no_renegotiation アラートが予期しないタイミングで
送信された場合に、サーバーが TLS 1.3 クライアントでの
ヌルポインターデリファレンスを引き起こし、不正な
セカンドハンドシェイクを発生させてしまい、アプリケーションの
エラーハンドリングパスでクラッシュを起こす脆弱性があります。
(CVE-2020-24659)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2020-24659
An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure.
An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure.
追加情報:
N/A
ダウンロード:
SRPMS
- gnutls-3.6.14-7.0.1.el8.src.rpm
MD5: dea30735d2f1e1f4612e882bfea40891
SHA-256: 56f8045fc5180aa4221de6974676154ac570ebb8b30bdf951fc980b074fc3b60
Size: 5.91 MB
Asianux Server 8 for x86_64
- gnutls-3.6.14-7.0.1.el8.x86_64.rpm
MD5: e9cd74dd89e04d26ded4aa1beaf67daa
SHA-256: a8ffa484b769c65bb58de2eae0b9bc30875645e2548c52ea5a93b0947e05293e
Size: 0.99 MB - gnutls-c++-3.6.14-7.0.1.el8.x86_64.rpm
MD5: 6cf88f1f4f56bfab978ebae780b00cc4
SHA-256: 5196c4506837ca6f95a4e882f54ba7ef87eba2ab29edadd7971d0796477a585d
Size: 47.06 kB - gnutls-dane-3.6.14-7.0.1.el8.x86_64.rpm
MD5: 1b388837a4b7af93cf9df0fdb519c76c
SHA-256: d6a7e396240f79e15bc72f314407c051fda198ecbce3764063a12690dca95b46
Size: 50.28 kB - gnutls-devel-3.6.14-7.0.1.el8.x86_64.rpm
MD5: d2b171d83ca80616d83d1799e7e2b17c
SHA-256: e9d2f7d2327dfc77bd77ec097e58b2a749da71dec935323413c7c3547d666c55
Size: 2.18 MB - gnutls-utils-3.6.14-7.0.1.el8.x86_64.rpm
MD5: a3cbc58d51c6ae24c3222c36c4f13f69
SHA-256: e070190228ae2301db17225dfea8b625e3a05da5954a2ff2b7ed3c52182bedaa
Size: 346.28 kB - gnutls-3.6.14-7.0.1.el8.i686.rpm
MD5: 76990254b07544cbcf0652b8eafeb9ef
SHA-256: dee2af7f647df1b2451c1ff850840190b889c5288c93eebdc1f71ba48c2dd436
Size: 1.00 MB - gnutls-c++-3.6.14-7.0.1.el8.i686.rpm
MD5: de9dd0d3c1e80323e23ec6dc8e45df3e
SHA-256: 7a1f62f456014895afa61ab49c2a087aeed6d34c4d39eba92374093ed0ebe198
Size: 48.14 kB - gnutls-dane-3.6.14-7.0.1.el8.i686.rpm
MD5: d526d38a0442b3a92d0f281dc7f13605
SHA-256: cdeea12afacb7cf2ad4a666f3244602f82565b3005f54a40ed8e6fe555d58484
Size: 51.20 kB - gnutls-devel-3.6.14-7.0.1.el8.i686.rpm
MD5: 81d22fd9b95ddfc2d85cad278561dfc3
SHA-256: 3c62989df627bd6dd34e203d445793fde6afbd0e34888f68c8523fb44b929cd8
Size: 2.18 MB