openssl-3.0.1-43.el9
Errata ID: AXSA:2022-3967:08
Release date:
2022/11/02 Wednesday - 03:12
Title:
openssl-3.0.1-43.el9
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
The following items have been addressed.
[Security Fix]
- In openssl, the name-constraint checking code used during X.509 certificate verification contains a stack-based buffer overflow. A remote attacker can cause a denial of service or potentially execute code remotely via a certificate carrying a specially crafted email address field. (CVE-2022-3602)
- In openssl, the name-constraint checking code used during X.509 certificate verification contains a stack-based buffer overflow. A remote attacker can cause a denial of service via a certificate carrying a specially crafted email address field. (CVE-2022-3786)
Solution:
Update the package.
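As a practical check on the solution above, the following Python script (an added example, not from MIRACLE LINUX or the advisory) compares the installed openssl packages against the fixed build 3.0.1-43.el9 using rpm's own version-ordering rules, so that a host patched to a later build is not flagged and a lower release is. The rpm output embedded in it is constructed; the fixed version string and the `rpm -q --qf` line format are assumptions of the example.

```python
"""Added example: is the installed openssl at or above the advisory's fixed build?

Version ordering follows rpm's rpmvercmp(): numeric segments compare as
integers, alpha segments lexically, '~' sorts before release, '^' after it.
Input lines have the shape produced by
    rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' openssl openssl-libs ...
SAMPLE_RPM_OUTPUT below is constructed, not captured from a real host.
"""
import sys

FIXED_EVR = "3.0.1-43.el9"  # build named in the advisory; it lists no epoch


def rpmvercmp(a: str, b: str) -> int:
    """Port of rpm's rpmvercmp(): -1 if a < b, 0 if equal, 1 if a > b."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # Anything that is not alphanumeric, '~' or '^' is a separator and skipped.
        while i < len(a) and not a[i].isalnum() and a[i] not in "~^":
            i += 1
        while j < len(b) and not b[j].isalnum() and b[j] not in "~^":
            j += 1
        ca = a[i] if i < len(a) else ""
        cb = b[j] if j < len(b) else ""
        # '~' sorts before everything, even end of string (1.0~rc1 < 1.0).
        if ca == "~" or cb == "~":
            if ca != "~":
                return 1
            if cb != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        # '^' sorts after end of string but before any further segment (1.0^1 > 1.0).
        if ca == "^" or cb == "^":
            if not ca:
                return -1
            if not cb:
                return 1
            if ca != "^":
                return 1
            if cb != "^":
                return -1
            i, j = i + 1, j + 1
            continue
        if not (ca and cb):
            break
        # Take the next run of digits or letters from both, keyed on a's segment type.
        isnum = ca.isdigit()
        take = str.isdigit if isnum else str.isalpha
        ia = i
        while i < len(a) and take(a[i]):
            i += 1
        jb = j
        while j < len(b) and take(b[j]):
            j += 1
        sa, sb = a[ia:i], b[jb:j]
        if not sb:
            # Segment types differ: a numeric segment is always newer than an alpha one.
            return 1 if isnum else -1
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    # Whichever string still has characters left over is the newer one.
    return -1 if i >= len(a) else 1


def parse_evr(evr: str):
    """Split 'epoch:version-release'; epoch is None when not present."""
    epoch = None
    if ":" in evr:
        epoch, evr = evr.split(":", 1)
    version, _, release = evr.partition("-")  # rpm forbids '-' inside V or R
    return epoch, version, release


def compare_evr(installed: str, fixed: str) -> int:
    """Order two E:V-R strings as rpm would. The advisory gives no epoch, so the
    epoch is compared only when both sides carry one (this example's choice)."""
    ei, vi, ri = parse_evr(installed)
    ef, vf, rf = parse_evr(fixed)
    if ei is not None and ef is not None and rpmvercmp(ei, ef):
        return rpmvercmp(ei, ef)
    return rpmvercmp(vi, vf) or rpmvercmp(ri, rf)


def is_patched(installed_evr: str, fixed_evr: str = FIXED_EVR) -> bool:
    return compare_evr(installed_evr, fixed_evr) >= 0


# Constructed sample of the rpm query output described in the module docstring.
SAMPLE_RPM_OUTPUT = """\
openssl 3.0.1-43.el9
openssl-libs 3.0.1-41.el9
openssl-devel 3.0.1-43.el9
"""


def find_unpatched(lines, fixed_evr: str = FIXED_EVR):
    """Return the names of packages whose installed build is older than the fix."""
    stale = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("package "):  # 'package X is not installed'
            continue
        name, _, evr = line.partition(" ")
        if evr and not is_patched(evr, fixed_evr):
            stale.append(name)
    return stale


if __name__ == "__main__":
    # Pipe real rpm output in; with no stdin the constructed sample is used.
    src = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_RPM_OUTPUT
    stale = find_unpatched(src.splitlines())
    if stale:
        print("below " + FIXED_EVR + ": " + ", ".join(stale))
    else:
        print("all listed packages at or above " + FIXED_EVR)
    sys.exit(1 if stale else 0)
```

On a real host, feed it `rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' openssl openssl-libs openssl-devel openssl-perl | python3 check_openssl_fix.py` (the script name is the example's own); a non-zero exit means at least one listed package is still below the fixed build.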
CVE:
CVE-2022-3602
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above has led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).
CVE-2022-3786
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).
Additional information:
N/A
Download:
SRPMS
- openssl-3.0.1-43.el9.src.rpm
MD5: 8fb9296c599acbfb554afabc6eddaaca
SHA-256: 32a7e9b09a0e5504071b163caa1120d80277298d8ad68d992a2b55e4501553bc
Size: 10.75 MB
Asianux Server 9 for x86_64
- openssl-3.0.1-43.el9.x86_64.rpm
MD5: e603ca090826d19b8a5214aaecb5123d
SHA-256: 89ddeb8ec376315c072577a59d0e5b573a9eadbf3a61d72aff6e52e0535851cc
Size: 1.14 MB
- openssl-devel-3.0.1-43.el9.x86_64.rpm
MD5: 73470f7953fbbe16b34e9270f7c1725a
SHA-256: 7ca30466867b4afdb770c403e54902de55dedf6e3bea9a13f551ce4b80cfcbe8
Size: 2.95 MB
- openssl-libs-3.0.1-43.el9.x86_64.rpm
MD5: 59dec490983318779c639ba161fee496
SHA-256: 34f83adbae3ac407957930df52372fba7ccc7661dd63cf1ce06ad06d79bcbdee
Size: 2.13 MB
- openssl-perl-3.0.1-43.el9.x86_64.rpm
MD5: ac85c12d72ac151cd7b09bac22b35ed3
SHA-256: b51ba744a0d4d2f67e3647fbc6bb2fac3f8cda9fd9c6a04a64294e7efcb07103
Size: 35.96 kB
- openssl-devel-3.0.1-43.el9.i686.rpm
MD5: 2e3b999e2264ca0284622e7c40121744
SHA-256: 43771fa0a68d640cecbacf0959a775b16db15f5933465c9fe3e326bb8a30c94c
Size: 2.95 MB
- openssl-libs-3.0.1-43.el9.i686.rpm
MD5: d90bb470e57916f69f8ad58f3cae6ed2
SHA-256: 20cdbf587f2f4f5980285ba5aebaeddc60da3113fa4a748ec6e4da5ea722b969
Size: 2.12 MB