openssl-1.0.2k-26.el7
Errata ID: AXSA:2023-5232:02
Release date:
2023/03/22 Wednesday - 07:06
Title:
openssl-1.0.2k-26.el7
Affected channels:
Asianux Server 7 for x86_64
Severity:
High
Description:
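The following issues have been addressed.
[Security Fix]
- In OpenSSL, the x400Address member of the X.509 GENERAL_NAME
structure is incorrectly declared with the type ASN1_TYPE, which
allows arbitrary pointers to be passed to the memcmp() function.
As a result, a remote attacker can read memory contents without
authorization or cause a denial of service via a crafted
application, for example one that enables CRL checking.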
(CVE-2023-0286)
Solution:
Update the packages.
CVE:
CVE-2023-0286
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.
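The description above notes that an X.400 address in a CRL distribution point is uncommon, so finding one in a certificate or CRL is worth flagging. The following is an added example, not part of the advisory or of OpenSSL: a small DER walker that reports any x400Address (GeneralName choice [3], tag 0xA3) in the fullName of a cRLDistributionPoints or issuingDistributionPoint extension. The function names are hypothetical, only single-byte tags and the fullName field are handled, and the sample inputs are constructed extension fragments with a placeholder address, not real certificates.

```python
CRLDP = bytes.fromhex("551d1f")  # OID 2.5.29.31, cRLDistributionPoints (certificate)
IDP = bytes.fromhex("551d1c")    # OID 2.5.29.28, issuingDistributionPoint (CRL)
LABEL = {CRLDP: "cRLDistributionPoints", IDP: "issuingDistributionPoint"}

def tlv(buf):
    """Yield (tag, value) for each DER element in buf (single-byte tags only)."""
    pos = 0
    while pos < len(buf):
        tag, length = buf[pos:pos + 2]  # ValueError if the header is truncated
        pos += 2
        if length & 0x80:  # long form: low 7 bits count the length bytes
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if pos + length > len(buf):
            raise ValueError("truncated DER value")
        yield tag, buf[pos:pos + length]
        pos += length

def extensions(buf):
    """Recursively yield (oid, extnValue) for every CRLDP or IDP Extension."""
    for tag, val in tlv(buf):
        kids = list(tlv(val)) if tag & 0x20 else []  # only constructed values nest
        if (tag == 0x30 and len(kids) >= 2 and kids[0][0] == 0x06
                and kids[0][1] in LABEL and kids[-1][0] == 0x04):
            yield kids[0][1], kids[-1][1]
        elif kids:
            yield from extensions(val)

def x400_in_dp(der_bytes):
    """List the extensions whose fullName holds an x400Address ([3], tag 0xA3)."""
    hits = []
    for oid, extn in extensions(der_bytes):
        for _, body in tlv(extn):  # CRLDP: SEQUENCE OF DistributionPoint; IDP: one SEQUENCE
            holders = [v for _, v in tlv(body)] if oid == CRLDP else [body]
            for holder in holders:
                dpns = [v for t, v in tlv(holder) if t == 0xA0]           # distributionPoint [0]
                full = [v for d in dpns for t, v in tlv(d) if t == 0xA0]  # fullName [0]
                hits += [LABEL[oid] for f in full for t, _ in tlv(f) if t == 0xA3]
    return hits

def der(tag, body):  # builder for the constructed samples, short-form lengths only
    return bytes([tag, len(body)]) + body
def dp_ext(oid, names, seq_of):  # constructed Extension carrying one fullName
    dp = der(0x30, der(0xA0, der(0xA0, names)))
    return der(0x30, der(0x06, oid) + der(0x04, der(0x30, dp) if seq_of else dp))

X400 = der(0xA3, der(0x30, b""))  # constructed placeholder x400Address
SAMPLE_CERT_EXTS = der(0x30, dp_ext(CRLDP, der(0x86, b"http://crl.example/a.crl") + X400, True))
SAMPLE_CRL_EXTS = der(0x30, dp_ext(IDP, X400, False))
```

Passing the DER bytes of a whole certificate or CRL to x400_in_dp works the same way, since the walker descends through every constructed element until it reaches the two extensions.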
Additional information:
N/A
Download:
SRPMS
- openssl-1.0.2k-26.el7.src.rpm
MD5: 09a80e6118b09b3d5a1857c7a9f2ba8b
SHA-256: 645b18fc63071cca1b79de0fad6337b2fe8da52ff25901962d8d67a22accf9ed
Size: 3.60 MB
Asianux Server 7 for x86_64
- openssl-1.0.2k-26.el7.x86_64.rpm
MD5: 70f0ad5c144ee462166be54a6e9d8c60
SHA-256: 5e8dfbde37e47f0cdb2eb01450ef4b0960d918f4a514d034fa79cbac96a61fb2
Size: 493.28 kB
- openssl-devel-1.0.2k-26.el7.i686.rpm
MD5: 5dd76f2db767be3a6c47ce0989410662
SHA-256: 46c7954909483906383cafceb7e0c46d566e3cc513946924d79f9bd3cc6229c8
Size: 1.51 MB
- openssl-devel-1.0.2k-26.el7.x86_64.rpm
MD5: 6b7e9ce73a6b41683be9be4148b8dca4
SHA-256: 1e8cc55c20fc38f839be330d22c37cf72c3e79adc65fa9343a060931414a356d
Size: 1.51 MB
- openssl-libs-1.0.2k-26.el7.i686.rpm
MD5: 75fafb14fe83b0ab1608c0ed4c2f5d37
SHA-256: 8eb6d6bb86dfe4d4fdba2211c7e7b2bd55e61ba27420a0670c3dfefcceba9c57
Size: 0.97 MB
- openssl-libs-1.0.2k-26.el7.x86_64.rpm
MD5: 4b11ebebf42bd7dd1b9a691edeae919b
SHA-256: ea0353f377fb843903f0b3273b93cbe7b94262f677f29840d79c8f99d1d9a35d
Size: 1.20 MB