nss-3.53.1-17.0.1.el8
エラータID: AXSA:2021-1536:01
リリース日:
2021/03/01 Monday - 16:46
題名:
nss-3.53.1-17.0.1.el8
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- nss は座標を projective から affine に変換する際、モジュラ反転が一定の時間で
実行されないため、タイミングに基づいたサイドチャネル攻撃を受けるかも知れない
脆弱性があります。(CVE-2020-12400)
- nss には、楕円曲線(EC:Elliptic Curve)のスカラー倍算の際に使用する
wNAF法の乗算アルゴリズムが、署名作成の際に使用したナンスの一部を
漏洩してしまう問題があり、幾つかの署名作成の電磁的トレースにより、
プライベートキーが計算されてしまう脆弱性があります。(CVE-2020-6829)
現時点では CVE-2020-12403 の情報が公開されておりません。
CVE の情報が公開され次第情報をアップデートいたします。
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2020-12400
When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
CVE-2020-12403
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-6829
When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
追加情報:
N/A
ダウンロード:
SRPMS
- nss-3.53.1-17.0.1.el8.src.rpm
MD5: 8a0f484262b865694984bac69bac4d69
SHA-256: d3aafe959e9307e709f3f0febc925da161ecab1ec07e84ff1b3cfb48142dea91
Size: 136.78 MB
Asianux Server 8 for x86_64
- nss-3.53.1-17.0.1.el8.x86_64.rpm
MD5: 7cb2aa74d3096566a34429a14fd3a719
SHA-256: 188515637aef0bd633e053d5732a27430c943ae732c2fc29378a6d3739ceb5f8
Size: 722.19 kB - nss-devel-3.53.1-17.0.1.el8.x86_64.rpm
MD5: e65cefa58c356a23cf846d0e98ac76b7
SHA-256: 97cd488493e4135e2254ac4d884dc35377a61a2305ce511f26c6d154acf597a8
Size: 269.11 kB - nss-softokn-3.53.1-17.0.1.el8.x86_64.rpm
MD5: e37218c6a85b4ba0ae091297c3741bea
SHA-256: d75982215263b98c17a7e486f6792300d94b1958d69743355d830cbe2cd0f3f3
Size: 483.14 kB - nss-softokn-devel-3.53.1-17.0.1.el8.x86_64.rpm
MD5: 22cc43520d421d0ef82bdfd8a720faff
SHA-256: d2c505ae7c972299d7a70aef4809bb8f9c7e581bda001d64d3e38d8d20a4cd62
Size: 66.50 kB - nss-softokn-freebl-3.53.1-17.0.1.el8.x86_64.rpm
MD5: 2804c6f8036f6a9b8592b6471f1eeeba
SHA-256: 9c9a60b032f9a4e39468159ec2f699197ca9b98ba5882268c982c7552d0f32dc
Size: 374.75 kB - nss-softokn-freebl-devel-3.53.1-17.0.1.el8.x86_64.rpm
MD5: 5d221a4c21a260f1e6dd3808fbc2f5fe
SHA-256: 562094a29f7a66a6607dcaa51f575ec92bdb328d9e267ab4734e065f9b767359
Size: 118.43 kB - nss-sysinit-3.53.1-17.0.1.el8.x86_64.rpm
MD5: 5bbf88b8c1c621c892fe719ca404a977
SHA-256: 5d11952a8954baeef82abe58482334e654eb5f17cadb4b1845d9da59fcd70ac6
Size: 71.28 kB - nss-tools-3.53.1-17.0.1.el8.x86_64.rpm
MD5: c614b17be393b3a566365d0ccd8b39d5
SHA-256: 5a0f05b9ee042bc3b6f15204fd3f13dbbf20940024d65a872faf7b6f0ace76ac
Size: 559.20 kB - nss-util-3.53.1-17.0.1.el8.x86_64.rpm
MD5: c155cc1da1d1af4b704878800951c4cc
SHA-256: fd687833d85ed1682280da5eddc3ca680d2c60267c9bc8e422db3e963ed3f9ab
Size: 135.39 kB - nss-util-devel-3.53.1-17.0.1.el8.x86_64.rpm
MD5: 778ca04e8315f886412f185766348802
SHA-256: 4b4dae0e1c6b78365033e15cea11599515da4c25de4467372c5230f0b8e5ef74
Size: 130.07 kB - nss-3.53.1-17.0.1.el8.i686.rpm
MD5: 2a8e37c967e8495a8e38039f408b9445
SHA-256: f19a34208dd2311f3688d1888d7db5ac19d795736301934ec529366cb38f5f57
Size: 796.79 kB - nss-devel-3.53.1-17.0.1.el8.i686.rpm
MD5: c08a0b2ebbc7ef53aa1d8409ab4fbba7
SHA-256: 34cfe4389b67ef40213b44eddad272085ccf156cc81eb0cc3f1b61ba15b5392c
Size: 272.66 kB - nss-softokn-3.53.1-17.0.1.el8.i686.rpm
MD5: b9876d473f313a6146b874722a1513e2
SHA-256: c9acdc5e0424927097122eb1e9a419fbab6c4268667bb91440ca00500bfda6f8
Size: 516.59 kB - nss-softokn-devel-3.53.1-17.0.1.el8.i686.rpm
MD5: 9fdb7d6277871fde34ee9aa86dbfe1bb
SHA-256: 3b0da2ceeb1736adbd0950831e1e5dbdd5a6990c0e3b9e9c12538cf098ed86ab
Size: 66.54 kB - nss-softokn-freebl-3.53.1-17.0.1.el8.i686.rpm
MD5: b59ede29255141fcd5d0e4b07d991546
SHA-256: 1c9321dbc5a9ff3262294c1c79ef962b8bce38d303f031e7e909575f8fa24304
Size: 379.39 kB - nss-softokn-freebl-devel-3.53.1-17.0.1.el8.i686.rpm
MD5: f134085e7a4f66ce77b51f8b2bdc576d
SHA-256: 63f04e79d3cd681a7a3faca319abd1dfe764b201772bfb5619fa2e87c3f07ab9
Size: 117.82 kB - nss-util-3.53.1-17.0.1.el8.i686.rpm
MD5: 4a1cc5ee45eff31cc6e831f9c0d31d16
SHA-256: 7e5f32c5da92ec5ed5fecead91f86f5961ed50a52dadec8b321cc95a9f2f1cec
Size: 138.11 kB - nss-util-devel-3.53.1-17.0.1.el8.i686.rpm
MD5: c6c16a24b00b4c5d65b5570a67296dff
SHA-256: 59cfc1e6a98d5f70a913dbbfe80bff36a42a1e92879ba2a2f7c5d180d419494c
Size: 130.11 kB