compat-openssl10-1.0.2o-4.el8_10.1
エラータID: AXSA:2025-9952:01
リリース日:
2025/05/21 Wednesday - 14:21
題名:
compat-openssl10-1.0.2o-4.el8_10.1
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- OpenSSL の X.509 の GENERAL_NAME 構造体には、x400Address
メンバの型指定が誤って ASN1_TYPE として宣言されていることに
起因して任意のポインターを memcmp() 関数に引き渡すことができる
問題があるため、リモートの攻撃者により、CRL チェックを有効に
するなどの細工をしたアプリケーションを介して、メモリ領域の
不正な読み取りやサービス拒否攻撃を可能とする脆弱性が存在します。
(CVE-2023-0286)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2023-0286
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.
追加情報:
N/A
ダウンロード:
SRPMS
- compat-openssl10-1.0.2o-4.el8_10.1.src.rpm
MD5: 3005cefd583e9518c246fa6b352e01be
SHA-256: e143a603e4a96d6318efae8e2f4d8056fac4f5c71e7c7c78947bc7dfc256ec0e
Size: 3.51 MB
Asianux Server 8 for x86_64
- compat-openssl10-1.0.2o-4.el8_10.1.i686.rpm
MD5: f3894620212ea667821af7efcd12dc27
SHA-256: 595c1a51da34be6270d832849a7721ff28c62205513735948a6197c07e3712a1
Size: 0.97 MB - compat-openssl10-1.0.2o-4.el8_10.1.x86_64.rpm
MD5: 84af0265d62f133014c07b127c527d75
SHA-256: 853754fefa16feded4f938eaee195b5ad6717dda9e14221fbd65dc0244b79632
Size: 1.13 MB
English