krb5-1.18.2-30.el8_10
エラータID: AXSA:2024-8967:06
リリース日:
2024/11/07 Thursday - 19:00
題名:
krb5-1.18.2-30.el8_10
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- RFC 2865 に規定された RADIUS プロトコルには、MD5 Response
Authenticator 署名に対する選択的なプレフィクス衝突攻撃に起因
して有効なレスポンス (Access-Accept、Access-Reject、または
Access-Challenge) を他のレスポンスに改竄できてしまう問題が
あるため、リモートの攻撃者により、細工された UDP の RADIUS
レスポンスパケットの送信を介して、不正な認証を可能とする
脆弱性が存在します。(CVE-2024-3596)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-3596
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
追加情報:
N/A
ダウンロード:
SRPMS
- krb5-1.18.2-30.el8_10.src.rpm
MD5: 157ca503d7181687aff7e9d98e699b57
SHA-256: 9606bfd3d1be61e5d4eed569a377996c82101db5982b29740b0c60be73e2c6af
Size: 9.90 MB
Asianux Server 8 for x86_64
- krb5-devel-1.18.2-30.el8_10.i686.rpm
MD5: 138216f271590ae18776c29f2afbbd8c
SHA-256: 98eaaa56f95f943701a0f58679ecc6dd5b11a87871b47c69b96285d24937893a
Size: 561.29 kB - krb5-devel-1.18.2-30.el8_10.x86_64.rpm
MD5: 0cb2e343aeeb215f3a08a8be41b65847
SHA-256: 887ba61ee255778eae926a90cb0a78f9a407d85f0cbffd1c5740c5855c2db528
Size: 561.61 kB - krb5-libs-1.18.2-30.el8_10.i686.rpm
MD5: 6928f046ab4b55e79467432df54bc257
SHA-256: b997a7145900dd8b9e3d1995cd7964ea94500ca0b0b0e9bd676b810a42c2a62a
Size: 908.45 kB - krb5-libs-1.18.2-30.el8_10.x86_64.rpm
MD5: b00b760d10896e7733dff9092559f031
SHA-256: 52bb57bfdc6f2f09c4585d1a855a0ab8555d1700cc12a3bb9eb8771b09319d4f
Size: 843.90 kB - krb5-pkinit-1.18.2-30.el8_10.i686.rpm
MD5: c43b5dc9edf20ae11838cb8404d142ab
SHA-256: 426a4f9a7dd04216256e85c731dc2f70a4a2e9d1d59364781e95c43954d8e16d
Size: 178.75 kB - krb5-pkinit-1.18.2-30.el8_10.x86_64.rpm
MD5: 31bc3f3d04eaa6a5952b4296ae4863fb
SHA-256: 61c6dd9e6edff748ac1ad69da94febbd363727e737a7953e00f45b1dcd1ffed2
Size: 173.57 kB - krb5-server-1.18.2-30.el8_10.i686.rpm
MD5: c0d340d532d7848ba54c7f2c1ea5fec7
SHA-256: c37da11cf363dcaa1e9b45a4a36acb38bd3627170fb91dbec52fe29639558402
Size: 1.09 MB - krb5-server-1.18.2-30.el8_10.x86_64.rpm
MD5: 2569f53d746c785a6175a7be14d7ac91
SHA-256: 33b98c242c2e3c44b106c0d3c6354fca3f070607b9263c0522c5cb6561274a57
Size: 1.07 MB - krb5-server-ldap-1.18.2-30.el8_10.i686.rpm
MD5: 6b93289bbb8dc3f71a0cd26f9238ff68
SHA-256: 28dbbbe0092aa5f9e8380c11a09a089f6fe389c79cdcf9e17ba92e7a7e06bc80
Size: 211.70 kB - krb5-server-ldap-1.18.2-30.el8_10.x86_64.rpm
MD5: 53d5bce7935681560974c423692b5e0a
SHA-256: e8a57162a8c44511c5dc9304f20854a826c0aa47abd2566584bcb06811700567
Size: 205.99 kB - krb5-workstation-1.18.2-30.el8_10.x86_64.rpm
MD5: 78defd35c2ab31d4c5e1fcc6137ffc1f
SHA-256: 5bbcbc95e78796def1075fcb580e76b3dfcc64d381c267aec8cbc0933237f741
Size: 957.77 kB - libkadm5-1.18.2-30.el8_10.i686.rpm
MD5: 3c399d28b034e7f88e55306ad2741fb0
SHA-256: 85614ac9957e815a7b837ec4943c1216a659981f0f6b6b7cb2fdf7d952c3148a
Size: 191.88 kB - libkadm5-1.18.2-30.el8_10.x86_64.rpm
MD5: ca1662a90d60b0c6cf9558ee3eea5a4b
SHA-256: 520c80b8b54b4426c9427ead8f77402a204b156141c78e38aaa95b7a31f8ef36
Size: 187.53 kB
English