idm:DL1 security update

エラータID: AXSA:2024-8410:01

リリース日: 
2024/06/20 Thursday - 15:54
題名: 
idm:DL1 security update
影響のあるチャネル: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

Asianux Identity Management (IdM) is a centralized authentication, identity
management, and authorization solution for both traditional and cloud-based
enterprise environments.

Security Fix(es):

* JWCrypto: denail of service Via specifically crafted JWE (CVE-2023-6681)
* python-jwcrypto: malicious JWE token can cause denial of service
(CVE-2024-28102)

CVE-2023-50387
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and
related RFCs) allow remote attackers to cause a denial of service (CPU
consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of
the concerns is that, when there is a zone with many DNSKEY and RRSIG records,
the protocol specification implies that an algorithm must evaluate all
combinations of DNSKEY and RRSIG records.
CVE-2023-6681
A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a
denial of service (DoS) attack and possible password brute-force and dictionary
attacks to be more resource-intensive. This issue can result in a large amount
of computational consumption, causing a denial of service attack.
CVE-2024-28102
JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography.
Prior to version 1.5.6, an attacker can cause a denial of service attack by
passing in a malicious JWE Token with a high compression ratio. When the server
processes this token, it will consume a lot of memory and processing time.
Version 1.5.6 fixes this vulnerability by limiting the maximum token length.

Modularity name: "idm"
Stream name: "DL1"

解決策: 

Update packages.

CVE: 
CVE-2023-50387
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.
CVE-2023-6681
A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service attack.
CVE-2024-28102
JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and processing time. Version 1.5.6 fixes this vulnerability by limiting the maximum token length.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. bind-dyndb-ldap-11.6-5.module+el8+1771+fe91f538.ML.2.src.rpm
    MD5: f5390aa320494e0a63330a0c5fc76232
    SHA-256: 217256f279d69ae675b37c06e02b43ebb3b456b30eba19ce7a60ac3831feb95c
    Size: 370.61 kB
  2. custodia-0.6.0-3.module+el8+1771+fe91f538.src.rpm
    MD5: df929b95207d3bff89aa57db6f2a4f1c
    SHA-256: 455be2c745bfd30069fc81af891ff79228247be89e98b9dedd9506c623641ab0
    Size: 144.66 kB
  3. ipa-healthcheck-0.12-3.module+el8+1771+fe91f538.src.rpm
    MD5: 05b0e325df03dbe81fd185e063ce3fe8
    SHA-256: 10bf6ca550323bb08e34e4da4786c5aa6ea9b42e5542d4becae9c7b5cb532196
    Size: 130.65 kB
  4. ipa-4.9.13-9.module+el8+1771+fe91f538.src.rpm
    MD5: 3791459c3f696439b595ed1fe94e6b4e
    SHA-256: f70dbe7ffca1f4526c9de46d38d6e042f8748ca7eef12837b2ba3e8f8ce575ef
    Size: 13.16 MB
  5. opendnssec-2.1.7-1.module+el8+1771+fe91f538.src.rpm
    MD5: 1419ce3f933c60018ac46471182dd8ac
    SHA-256: 1b3a65d02137474034c0d104d1bd668e1dfefbca88385eaff8772f82f285608b
    Size: 1.09 MB
  6. python-jwcrypto-0.5.0-2.module+el8+1771+fe91f538.src.rpm
    MD5: 4d8be36008cb7da0b3dc4cbd12d8eb77
    SHA-256: ce3e19349dce1148031b2f1de1d7248081f4fa49b789a3dfb4a940ca2751e711
    Size: 79.63 kB
  7. python-kdcproxy-0.4-5.module+el8+1771+fe91f538.src.rpm
    MD5: f31fcca13dab981a3c1316923725d54d
    SHA-256: c8c05f126f086766f8884921b416b2b1c1b52f6de0883c1dd838f8a29807ff6a
    Size: 36.22 kB
  8. python-qrcode-5.1-12.module+el8+1771+fe91f538.src.rpm
    MD5: f5224b1552ae607828f4672a5729df4b
    SHA-256: e311bbd78c2ef4c1e5e3d62ab063fcbc70b8bb70fb750f6dbefb546506a06b81
    Size: 33.36 kB
  9. python-yubico-1.3.2-9.1.module+el8+1771+fe91f538.src.rpm
    MD5: a56c4bf2165e41ad25def4fc8e7a10fc
    SHA-256: d7cd9ddf7aa68787ab4d06e69702bd2d2ef50d157bcb1036ab28bfc22fc1fbac
    Size: 50.84 kB
  10. pyusb-1.0.0-9.1.module+el8+1771+fe91f538.src.rpm
    MD5: 1aada7a5ac0cd3d28171d758ea992335
    SHA-256: e4ee973f18daa33521d1d566e9b9e1ca60ec2f3037c9e556500f5366e109607a
    Size: 78.96 kB
  11. slapi-nis-0.60.0-4.module+el8+1771+fe91f538.ML.1.src.rpm
    MD5: 29df3afedd31d66a67b1272a19f0f35e
    SHA-256: 2eafbed66fb8ff2613093cda736fefa320eef7d5f5f4dffba49db5b6a03b080e
    Size: 646.84 kB
  12. softhsm-2.6.0-5.module+el8+1771+fe91f538.src.rpm
    MD5: fea3e952e34b759b571857a8dbd417c5
    SHA-256: cbced158a2cb09c4ab56ad8e17da8c48294d7f8a69eb53dd84800f3831c2334c
    Size: 1.03 MB

Asianux Server 8 for x86_64
  1. bind-dyndb-ldap-11.6-5.module+el8+1771+fe91f538.ML.2.x86_64.rpm
    MD5: bb51633189e22855fdf5b6e8691f30fa
    SHA-256: 0080ed8d717bda56d523b64fd6183c3949a9112f874b0b12bcb23ff9eb8f3cb9
    Size: 127.27 kB
  2. bind-dyndb-ldap-debugsource-11.6-5.module+el8+1771+fe91f538.ML.2.x86_64.rpm
    MD5: a868a947950b117f5cee81b02681ce0e
    SHA-256: b97fff0df0669ced764af28edd77a9d44565907a3f7c74e51f0facc16440ec03
    Size: 114.73 kB
  3. custodia-0.6.0-3.module+el8+1771+fe91f538.noarch.rpm
    MD5: d5ee854b72cbe4161d285df692c1d853
    SHA-256: 74ede0e834e84d449821a396214ebbfd371c34ff0b9eeb9f845d3d0aef91aaf5
    Size: 32.29 kB
  4. ipa-client-4.9.13-9.module+el8+1771+fe91f538.x86_64.rpm
    MD5: 492c595b1367d4447c8fdb92c8a4bd92
    SHA-256: d7ca19a3348455354bbb4a2cf1efe29054dbf3c18a351ca29d899e5ce2b8b1f1
    Size: 291.04 kB
  5. ipa-client-common-4.9.13-9.module+el8+1771+fe91f538.noarch.rpm
    MD5: 403f14f8f5f9ed43a7798fc09080b642
    SHA-256: 953153369912b1a700247e408fadf52a7e980490dd51a6c6ba2a39bc8038304a
    Size: 192.48 kB
  6. ipa-client-epn-4.9.13-9.module+el8+1771+fe91f538.x86_64.rpm
    MD5: 72ba47a21f0260d9ca3a26dfe415e6d7
    SHA-256: 05d2a6fa258b1006568e8891e303aa8ab0c7a764b4c317fa5f74c14a36502a8c
    Size: 190.57 kB
  7. ipa-client-samba-4.9.13-9.module+el8+1771+fe91f538.x86_64.rpm
    MD5: 8c70da26d463952b9c13389c3238832d
    SHA-256: b41433cd6ee7e7d06195e97f8fcada2410f580967938ae203219d8a0b479463b
    Size: 186.11 kB
  8. ipa-common-4.9.13-9.module+el8+1771+fe91f538.noarch.rpm
    MD5: 59d0de5b818b7e82f91828db054a5885
    SHA-256: d8f5a0392a2aa8f9a2c6dae7e788a04977ccf1fe4e56999a7e84a592aa9d13bc
    Size: 800.50 kB
  9. ipa-debugsource-4.9.13-9.module+el8+1771+fe91f538.x86_64.rpm
    MD5: 89aa3b0717dbaade65b244a7b6717d80
    SHA-256: 7bba92338d12d8d1249e75828acb1f1600f7706cf5a1dd16df94a5aed58b8ebf
    Size: 507.97 kB
  10. ipa-healthcheck-0.12-3.module+el8+1771+fe91f538.noarch.rpm
    MD5: 9b4685972fa4e61eb0cc29791a62c0d6
    SHA-256: bc95e4f4a1539b45dd15d183a2cb5ed5bdbcc1a70b318c18b40ef08262dbe256
    Size: 113.20 kB
  11. ipa-healthcheck-core-0.12-3.module+el8+1771+fe91f538.noarch.rpm
    MD5: d24b9aebd964f85834f020f1d02e9d67
    SHA-256: 11795e29d9aa1d09302d6cf880c25b39ea345ce0a9e0a76e9c1bb2eb07d65839
    Size: 58.89 kB
  12. ipa-python-compat-4.9.13-9.module+el8+1771+fe91f538.noarch.rpm
    MD5: 74fe6bb769f07996bf8d999b307638fa
    SHA-256: 35c326f5fd4a93f0ec2226703a6db44b65312b0ed75f1133748eb6f547ccb19f
    Size: 183.92 kB
  13. ipa-selinux-4.9.13-9.module+el8+1771+fe91f538.noarch.rpm
    MD5: fdf42e7e181f8168a98885d0d3617b10
    SHA-256: ad84c1d543b56f22a4be7364f0154880111f4e21e19ce451295b7e11e3d82b42
    Size: 184.43 kB
  14. ipa-server-4.9.13-9.module+el8+1771+fe91f538.x86_64.rpm
    MD5: 6f5e8b8bb19fa231c40709eb93248d55
    SHA-256: 2db4a1d7121c176013610ebca3cdb40449f9dea3a69d2bc3fd4fd45f08da235b
    Size: 553.95 kB
  15. ipa-server-common-4.9.13-9.module+el8+1771+fe91f538.noarch.rpm
    MD5: 382c85c9b68c1d5dd2ea91f67078bc6b
    SHA-256: b02776ff22f044a15e2ccaa085eb31ed44ddc716135a1bef24c21330b0732b33
    Size: 625.47 kB
  16. ipa-server-dns-4.9.13-9.module+el8+1771+fe91f538.noarch.rpm
    MD5: b6ba00be531530618dda723b99753fdb
    SHA-256: c4759efaed3b5ddbdd68b99f535e8c74099f2cf198a5e69b0fa8f43c171e11db
    Size: 200.14 kB
  17. ipa-server-trust-ad-4.9.13-9.module+el8+1771+fe91f538.x86_64.rpm
    MD5: b631ac282f13c22eaf95daeea9274501
    SHA-256: ec0e12f5511f410da65b3597424108e3b0fc06856f04f5b7e0cadf3d319864aa
    Size: 297.44 kB
  18. opendnssec-2.1.7-1.module+el8+1771+fe91f538.x86_64.rpm
    MD5: 4ae30122432b0e1b2dfa38774db0df5e
    SHA-256: d17c79469233dd11b6ef52ccc1074c471ca57f15adc259af5d7fe80cbc25923b
    Size: 472.31 kB
  19. opendnssec-debugsource-2.1.7-1.module+el8+1771+fe91f538.x86_64.rpm
    MD5: 3de86cd20cbf9ffa1ed21eb492780b18
    SHA-256: fee753301908a5001741e4f256054ddae9e6f0a23299599fcc0f9c36047c8ebd
    Size: 405.93 kB
  20. python3-custodia-0.6.0-3.module+el8+1771+fe91f538.noarch.rpm
    MD5: 6cf8c35f4276d1891a82f40c93d5fb4e
    SHA-256: 7c5bac61e5ff8171097e426857cb6b8bc442efdc4c7d00d1740295cedfce71b4
    Size: 120.08 kB
  21. python3-ipaclient-4.9.13-9.module+el8+1771+fe91f538.noarch.rpm
    MD5: d4cd6531d81c4200337f63520eb107a0
    SHA-256: f4053f1a20360e40cf17192be3acc288f65d4fd800baf8885e5969aae178e867
    Size: 693.68 kB
  22. python3-ipalib-4.9.13-9.module+el8+1771+fe91f538.noarch.rpm
    MD5: 1a31386a9457396adfabbf58ceeea762
    SHA-256: 7cdee374c0f78ad0cfc4e26ba3a7e211d110daf6ce3cac270033cb26572a5827
    Size: 768.47 kB
  23. python3-ipaserver-4.9.13-9.module+el8+1771+fe91f538.noarch.rpm
    MD5: 920927875cb81e1b10accb76f97c8e9a
    SHA-256: a8132745d3b86c91a6236692c5ee20b5e0297edd487234a3b8e6e78825407694
    Size: 1.66 MB
  24. python3-ipatests-4.9.13-9.module+el8+1771+fe91f538.noarch.rpm
    MD5: 3abe7ac1e0f0fac456baa4b2cc441def
    SHA-256: 08361e5b2d3abbaaef31031c8b5bdc769cda2ffba526ccddcb7777e147dfab36
    Size: 1.73 MB
  25. python3-jwcrypto-0.5.0-2.module+el8+1771+fe91f538.noarch.rpm
    MD5: 82dc4d17f60f434947afff1aa089752a
    SHA-256: 20464aad91b657adfaba1545840f15d5fdbc16f65e2ac3a7acc29d18b7f5f845
    Size: 64.91 kB
  26. python3-kdcproxy-0.4-5.module+el8+1771+fe91f538.noarch.rpm
    MD5: e642b50c8869e801bb9cb766af58b773
    SHA-256: 9f16e124d1809925c4e1a45b746ca5d241da343c93d9d4f803edbb7fcf2bd253
    Size: 37.94 kB
  27. python3-pyusb-1.0.0-9.1.module+el8+1771+fe91f538.noarch.rpm
    MD5: c749db4e98452c576b43a0964001e169
    SHA-256: 0b42ae7e24bf12bc0974035a13fb9145c50fbb6e974ef3a30eaca0429c87b93c
    Size: 86.86 kB
  28. python3-qrcode-5.1-12.module+el8+1771+fe91f538.noarch.rpm
    MD5: 9c57fbb63f41a3878e5fb30c5d7d1d1a
    SHA-256: 0f29bb9f450ebb6987daf4e0f140802569e05f773caf5f8e300cc892803805ac
    Size: 16.31 kB
  29. python3-qrcode-core-5.1-12.module+el8+1771+fe91f538.noarch.rpm
    MD5: 71c47f47cf5f14b2fdfcf1a7b2ffe717
    SHA-256: 47d8a7cdae8348011041f8a29305a4b18410acce0da648043b8ade3053fdf807
    Size: 44.43 kB
  30. python3-yubico-1.3.2-9.1.module+el8+1771+fe91f538.noarch.rpm
    MD5: b108fcb4e43cc4578238bd5c30d8b26a
    SHA-256: ee106ea617c2de5277d4e47a41977ce131edd6c8951e5033d5e379c22005b264
    Size: 62.22 kB
  31. slapi-nis-0.60.0-4.module+el8+1771+fe91f538.ML.1.x86_64.rpm
    MD5: 230abbb6974f95d8fd01c3a0ff233cab
    SHA-256: 2384f4f3071e270f6f3be90e43a6d257daf020184d4a3e2b75596f620c1a8ada
    Size: 159.72 kB
  32. slapi-nis-debugsource-0.60.0-4.module+el8+1771+fe91f538.ML.1.x86_64.rpm
    MD5: d4f3aa3426747ac9a05918ac17f861ac
    SHA-256: a216a87b15d37b5331b60ccf6bf0d42fd7173952e1f97981ca299f7e1ef4894c
    Size: 135.21 kB
  33. softhsm-2.6.0-5.module+el8+1771+fe91f538.x86_64.rpm
    MD5: 5a5161a802fd500d371d10a2bbe6ee6e
    SHA-256: 99ccea494ce65ffdc265f5b0b57a0e75d6027bd34eed0a754d3d32412251dd8a
    Size: 429.86 kB
  34. softhsm-debugsource-2.6.0-5.module+el8+1771+fe91f538.x86_64.rpm
    MD5: 2a3d9d2c8f608100475316f2f2711450
    SHA-256: ef03eaa577421269d84619fe75a6518d2c09679fc0bc772645f462f186c77615
    Size: 203.52 kB
  35. softhsm-devel-2.6.0-5.module+el8+1771+fe91f538.x86_64.rpm
    MD5: face072b280336dc002f8fc440953a95
    SHA-256: 67fbfbbcf1d91a3c88495502a9ff664324ff70ddbdb9b5b52f3c942544ee3533
    Size: 20.48 kB