nettle-2.7.1-9.el7
Errata ID: AXSA:2021-1651:01
Release date:
2021/04/09 Friday - 00:48
Title:
nettle-2.7.1-9.el7
Affected channels:
Asianux Server 7 for x86_64
Severity:
High
Description:
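The following issue has been addressed.
[Security Fix]
- The Nettle signature verification functions (GOST DSA, EDDSA and ECDSA) call the elliptic curve scalar multiplication with out-of-range scalars. This allows an attacker to force an invalid signature, causing an assertion failure or causing the signature to be accepted. (CVE-2021-20305)
Solution:
Update the packages.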
CVE:
CVE-2021-20305
A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalars, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.
Additional information:
N/A
Downloads:
SRPMS
- nettle-2.7.1-9.el7.src.rpm
MD5: 27da81cb9100717431f11a8c169df1b2
SHA-256: 3aa5542cbedf90181ca80ab8d230678c78434bb2e45d8d2a439adb884f24cb4d
Size: 1.76 MB
Asianux Server 7 for x86_64
- nettle-2.7.1-9.el7.x86_64.rpm
MD5: 1a4f6d540c1a1a5448ba760d0bd1caff
SHA-256: 83d2b8505f540a6c57cadb42030378878a7e93bb51870308f984fa798b15d61f
Size: 326.70 kB
- nettle-devel-2.7.1-9.el7.x86_64.rpm
MD5: d0040a96f5d9cd9fc4f0cc7148f5ae47
SHA-256: b63395a8689377b0eb95d9d2ab1bdc05698b5ca412e9317b3d2b1e4c39737ff7
Size: 470.29 kB
- nettle-2.7.1-9.el7.i686.rpm
MD5: ea3f85aebb9f8f65484116579302f12a
SHA-256: d29428e41ce8c736e791355384039bb80c6b147317fa860bb555246641675993
Size: 329.32 kB
- nettle-devel-2.7.1-9.el7.i686.rpm
MD5: 80c390fe83fa47b3f470cde01c4df843
SHA-256: 2936a3fc160517c6e6367fdd1cf0b9bbc99d45eed148e244bce587120b1aefae
Size: 470.32 kB