openssl-1.0.2k-26.0.1.el7.AXS7

エラータID: AXSA:2024-8619:05

リリース日: 
2024/07/29 Monday - 18:22
題名: 
openssl-1.0.2k-26.0.1.el7.AXS7
影響のあるチャネル: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

The OpenSSL toolkit provides support for secure communications between machines.
OpenSSL includes a certificate management tool and shared libraries which
provide various cryptographic algorithms and protocols.

Security Fix(es):

* CVE-2023-0215: bio_ndef: fix a UAF resulting from a bug in BIO_new_NDEF
* CVE-2023-0464: x509v3: Limit X.509 certificate tree size to avoid exponential
use of computational resources

CVE(s):
CVE-2023-0464
A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.
CVE-2023-0215
The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.

解決策: 

Update packages.

CVE: 
CVE-2023-0215
The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.
CVE-2023-0464
A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.
追加情報: 

N/A

ダウンロード: 

Asianux Server 7 for x86_64
  1. openssl-1.0.2k-26.0.1.el7.AXS7.x86_64.rpm
    MD5: 0e28b73cd1b25314f52ad7e8ca4c7542
    SHA-256: fdbd0aa2d6398653e31d4c548c2772dc5db04dd0cee390ba20c1875980e6c454
    Size: 494.08 kB
  2. openssl-devel-1.0.2k-26.0.1.el7.AXS7.i686.rpm
    MD5: e6946cf8db3605d57328176cae2cd85f
    SHA-256: 7a7175bb4b6b1479ebb8698670eb2b75cca753f963a1bd3779fd85c43f79d2c3
    Size: 1.51 MB
  3. openssl-devel-1.0.2k-26.0.1.el7.AXS7.x86_64.rpm
    MD5: c0799ea79d94907409fa2fdb2ac289a3
    SHA-256: 313e037b48760c292dc46c96b881bf300f4c2452da3b8edb38164b4023324011
    Size: 1.51 MB
  4. openssl-libs-1.0.2k-26.0.1.el7.AXS7.i686.rpm
    MD5: 1d8f5fc6cfe2c963a795b98fa001a124
    SHA-256: c249743c34d30d8bafeb574e45faf3ed4fda0e7c6bd37b77657cea263c57d381
    Size: 0.97 MB
  5. openssl-libs-1.0.2k-26.0.1.el7.AXS7.x86_64.rpm
    MD5: be6985042d4758b8edf94b3ed320b798
    SHA-256: 142b476ced8d17bbb2d8903887b4fb4ffbb13611a80c06da7def5ca3ec30cd8c
    Size: 1.20 MB