openssl-1.0.2k-25.el7
エラータID: AXSA:2022-3130:03
リリース日:
2022/03/29 Tuesday - 01:29
題名:
openssl-1.0.2k-25.el7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- OpenSSL には、ライブラリの BN_mod_sqrt 関数に不正な曲線パラメー
ターを指定した場合に無限ループが発生する欠陥を利用して、攻撃者が細
工した証明書を OpenSSL に処理させることにより、サービス拒否攻撃を
可能とする脆弱性が存在します。
(CVE-2022-0778)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2022-0778
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).
追加情報:
N/A
ダウンロード:
SRPMS
- openssl-1.0.2k-25.el7.src.rpm
MD5: d3a9fa28c4ffa07248c35efcccc66e55
SHA-256: fcefc9dfa8e9f964bcfd57d05d8e73473989b721ab20c717c2fbc7f8bac1d265
Size: 3.60 MB
Asianux Server 7 for x86_64
- openssl-1.0.2k-25.el7.x86_64.rpm
MD5: 2ca7a030ca9c1a5daa34554e939bd712
SHA-256: 89217d205641ea2538521b6a658968713c8ac472a2c2c69a63922965eee7d6a5
Size: 493.13 kB - openssl-devel-1.0.2k-25.el7.x86_64.rpm
MD5: ab2b2bc2d7f6e5703c03629e191bef59
SHA-256: 3ff478369918c6b431f8bd831e3ef8c9e6901ff0cfaca2795865c473e1768701
Size: 1.51 MB - openssl-libs-1.0.2k-25.el7.x86_64.rpm
MD5: 0892233cf456af21e076da9096832c9f
SHA-256: c948aa7ccf3b62d26e3a9e6a23eafc54d9fe3cdb544e5177667a50d187af1ef1
Size: 1.20 MB - openssl-devel-1.0.2k-25.el7.i686.rpm
MD5: e16d5390dbb8c32e0ff929e24b1bd1e3
SHA-256: a4572bb1f3f0378acdb22a6e68ef33c96418f44511971a5fd00dc2a7f1b605ac
Size: 1.51 MB - openssl-libs-1.0.2k-25.el7.i686.rpm
MD5: ef61f98d3eb396cc536875c8bf9f9ad7
SHA-256: 4ff1925d4eb6e80f8f12c9a3eef49e1db1938f9b4ee7782d70dc1b40dc16f96f
Size: 0.97 MB