compat-openssl11-1.1.1k-5.el9_6.1
エラータID: AXSA:2025-10498:01
リリース日:
2025/07/16 Wednesday - 21:43
題名:
compat-openssl11-1.1.1k-5.el9_6.1
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- OpenSSL の X.509 の GENERAL_NAME 構造体には、x400Address
メンバの型指定が誤って ASN1_TYPE として宣言されていることに
起因して任意のポインターを memcmp() 関数に引き渡すことができる
問題があるため、リモートの攻撃者により、CRL チェックを有効にする
などの細工をしたアプリケーションを介して、メモリ領域の不正な
読み取りやサービス拒否攻撃を可能とする脆弱性が存在します。
(CVE-2023-0286)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2023-0286
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.
追加情報:
N/A
ダウンロード:
SRPMS
- compat-openssl11-1.1.1k-5.el9_6.1.src.rpm
MD5: ad86d9a1fd0f57e0a33451a3f199cc67
SHA-256: de9d4508e15804d0a2303702e8c1a98f3a5eb2587159297fa908d197081d5931
Size: 7.27 MB
Asianux Server 9 for x86_64
- compat-openssl11-1.1.1k-5.el9_6.1.i686.rpm
MD5: 1104ef06dc858749056111a3099e0f80
SHA-256: 9a1513e3193c7dd40192d00818faf0f85b6780cabef27d415a0ae0d92272d95b
Size: 1.44 MB - compat-openssl11-1.1.1k-5.el9_6.1.x86_64.rpm
MD5: b5888eaf96884c31768f8b511a3d383f
SHA-256: 4515eeb9528a08ce6117ded775177b5f09c1acd01073695836833d44e93698e2
Size: 1.45 MB
English