edk2-20231122-6.el9_4.4
Errata ID: AXSA:2024-8977:11
Release date:
2024/11/11 Monday - 11:37
Title:
edk2-20231122-6.el9_4.4
Affected channel:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
The following issues have been addressed.
[Security Fix]
- OpenSSL has an issue where, when X.509 certificate name-check processing is performed with an expected DNS name, email address, or IP address specified, an invalid memory region is read. Because of this, a vulnerability exists that allows a remote attacker to cause a denial of service through the processing of a crafted X.509 certificate. (CVE-2024-6119)
Solution:
Update the packages.
CVE:
CVE-2024-6119
Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.

Impact summary: Abnormal termination of an application can cause a denial of service.

Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address when comparing the expected name with an `otherName` subject alternative name of an X.509 certificate. This may result in an exception that terminates the application program.

Note that basic certificate chain validation (signatures, dates, ...) is not affected; the denial of service can occur only when the application also specifies an expected DNS name, Email address or IP address.

TLS servers rarely solicit client certificates, and even when they do, they generally don't perform a name check against a reference identifier (expected identity), but rather extract the presented identity after checking the certificate chain. So TLS servers are generally not affected and the severity of the issue is Moderate.

The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.
Additional information:
N/A
Downloads:
SRPMS
- edk2-20231122-6.el9_4.4.src.rpm
MD5: f30a241f12f1e5df7ee004f4735ac5fa
SHA-256: fc81a1660c9bdc1e835a8115c5a338386902eb8b257df53b1bd5b4863774b830
Size: 45.52 MB
Asianux Server 9 for x86_64
- edk2-ovmf-20231122-6.el9_4.4.noarch.rpm
MD5: a184e5a77d9d0dfb6e8b19b8759051b6
SHA-256: a0c433cda786d4a8a1a5d804bb65ef0b4e714293d8c8c4f7419b0a85ac4409c0
Size: 6.20 MB
- edk2-tools-20231122-6.el9_4.4.x86_64.rpm
MD5: 6a8099bbb714614e400c6f51f89bb08f
SHA-256: e8553257584e409f2a41fe7aaf26c1e77841820d82f47324e2ad351f5145b206
Size: 424.42 kB
- edk2-tools-doc-20231122-6.el9_4.4.noarch.rpm
MD5: 2604dd919f87803c68cb69d974993f6c
SHA-256: b0bc759946bc4cc8cacb331d9902abac89bf8d23dd9494a208ad59da860a5f36
Size: 94.98 kB