gnutls-3.6.14-8.el8, nettle-3.4.1-4.el8
Errata ID: AXSA:2021-1688:01
Release date:
2021/04/19 Monday - 06:03
Title:
gnutls-3.6.14-8.el8, nettle-3.4.1-4.el8
Affected channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
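The following issue has been addressed.
[Security Fix]
- Several signature verification functions in Nettle (GOST DSA, EDDSA and ECDSA) call the elliptic curve scalar multiplication with out-of-range scalars. This allows an attacker to force an invalid signature, causing an assertion failure or possibly causing the signature to be accepted. (CVE-2021-20305)
Solution:
Update the packages.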
CVE:
CVE-2021-20305
A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalars, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.
Additional information:
N/A
Downloads:
SRPMS
- gnutls-3.6.14-8.el8.src.rpm
MD5: 0244e4d4e231fcfd0373ad94623d877e
SHA-256: 3105cdf7d2d5e21df5ce2ffcb33bdb4aacf49216a5b395504ad8ea7926cf76d2
Size: 5.91 MB
- nettle-3.4.1-4.el8.src.rpm
MD5: 8fc32787e9a72fef6dd85146bba2ff4d
SHA-256: d4d8594aeb5bdd806cd3e0a35f250e1c266e0225d3d56355c6b87509aad258d5
Size: 1.38 MB
Asianux Server 8 for x86_64
- gnutls-3.6.14-8.el8.x86_64.rpm
MD5: 516940bbe0289b6c9ac4cfc9ea5b9c5e
SHA-256: eed6da66ea957fa5d38457e8c2db15030642c36d1957c4ab49c5fa5972893e90
Size: 0.99 MB
- gnutls-c++-3.6.14-8.el8.x86_64.rpm
MD5: 665d21f1c8849bf2125a5cfd77a33104
SHA-256: af11b8196da4a8d1bf0d5d4ce601f6fa7ba41e4b309ad0b698377aab64b96a70
Size: 46.80 kB
- gnutls-dane-3.6.14-8.el8.x86_64.rpm
MD5: a8612b5238074cb1754229ba120ed46a
SHA-256: 77553240c363c534bdec0f524ce967f515d806058391cd5a536334c306372a9e
Size: 50.03 kB
- gnutls-devel-3.6.14-8.el8.x86_64.rpm
MD5: 806c5f34304a0a2fa77cb29fe6768c2a
SHA-256: e35e788421d30011364fa4bc71a702dc691c67be44c8fd92649ccd3e7a3481de
Size: 2.18 MB
- gnutls-utils-3.6.14-8.el8.x86_64.rpm
MD5: 570b7097c90b67da1d60e059b866083f
SHA-256: 387655ce9539b9452088a99535007fd75309358d40bbb27ab78065dfad37fced
Size: 346.02 kB
- nettle-3.4.1-4.el8.x86_64.rpm
MD5: 94113da6ad0c1adadc490bb37c23fa99
SHA-256: c73a2ff9445d89c0f0676c59a03579b31366bb09747f54a3281f661c5cd32fc1
Size: 299.43 kB
- nettle-devel-3.4.1-4.el8.x86_64.rpm
MD5: cf6d02abd81fee8c430ea5adc29e3b19
SHA-256: 7095c1ae2ef1b993ffedee32d2864f2535333b149dcbd2a83e3064b786158111
Size: 634.74 kB
- gnutls-3.6.14-8.el8.i686.rpm
MD5: 8b2340504cede9635e416f38e206b0af
SHA-256: c16e6cd0b7c6a882380a522db5f17cf8cef68c7c8af7f6a5e0ffc084b64ec433
Size: 1.00 MB
- gnutls-c++-3.6.14-8.el8.i686.rpm
MD5: 812c6b63b24222d56dd2cc94d837baa4
SHA-256: 6a03c4fc169a5351fb98ff6c5d4022a64904355baa2fa7287f5ddb20d8e37369
Size: 47.87 kB
- gnutls-dane-3.6.14-8.el8.i686.rpm
MD5: e86a3e7263800c9aafd409f36ce49f8b
SHA-256: 13d7806e1235ce26f85d45d13838360b1d5e3002d5002986026e27d3325cedcb
Size: 50.92 kB
- gnutls-devel-3.6.14-8.el8.i686.rpm
MD5: de7f20299ff79ef55af1a95ccb630e3c
SHA-256: c458023804be68a2e31e6fad60ee9b49947945cd9a4809350e863951bbf6fbf8
Size: 2.18 MB
- nettle-3.4.1-4.el8.i686.rpm
MD5: a28b122a1d08b49e23f05581c721f58d
SHA-256: cbe4825ec8c0ca872f5b01c7104f374e2304d74d065fcad570ae232f6920a942
Size: 319.25 kB
- nettle-devel-3.4.1-4.el8.i686.rpm
MD5: 4948064a1e01db07a9a44b4260059ef9
SHA-256: bab54449ea1d780dd6c2e0f8229c79521ca9e961644002de2b0ccbbb644be075
Size: 634.76 kB