grafana-pcp-5.1.1-9.el8_10
Errata ID: AXSA:2024-9021:07
Release date:
2024/11/18 Monday - 15:13
Title:
grafana-pcp-5.1.1-9.el8_10
Affected channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
The following issue has been addressed.
[Security Fix]
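- Go's FIPS mode has a flaw in which a buffer with an uninitialized size set is returned, which causes hash values to be compared incorrectly. As a result, a vulnerability exists that allows a local attacker to perform unauthorized authentication, cause information disclosure, and so on. (CVE-2024-9355)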
Solution:
Update the package.
CVE:
CVE-2024-9355
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This may have follow-on implications for the Go TLS stack.
Additional information:
N/A
Downloads:
SRPMS
- grafana-pcp-5.1.1-9.el8_10.src.rpm
MD5: c24593b3c5829ed10a06e6072cd33b8a
SHA-256: 87e4ca671642babae2fb4e65c59d99dc3a04d5eddb60130f9a443f51eca6cbf6
Size: 59.22 MB
Asianux Server 8 for x86_64
- grafana-pcp-5.1.1-9.el8_10.x86_64.rpm
MD5: c18b708360e58fa49382046165956ea8
SHA-256: 8fda4fd08e963d6df2745b9bf123beb34b05d92e3ee1116fbd8e2786fa5d1b0d
Size: 10.71 MB