opencryptoki-3.25.0-4.el9_7.2
Errata ID: AXSA:2026-359:02
Release date:
2026/03/30 Monday - 15:24
Title:
opencryptoki-3.25.0-4.el9_7.2
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
The following issues have been addressed.
[Security Fix]
- openCryptoki has a flaw in how it resolves symbolic links,
which allows a local attacker to escalate privileges or
disclose information. (CVE-2026-23893)
Solution:
Update the packages.
CVE:
CVE-2026-23893
openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above are vulnerable to symlink-following when running in privileged contexts. A token-group user can redirect file operations to arbitrary filesystem targets by planting symlinks in group-writable token directories, resulting in privilege escalation or data exposure. Token and lock directories are 0770 (group-writable for token users), so any token-group member can plant files and symlinks inside them. When run as root, the base code handling token directory file access, as well as several openCryptoki tools used for administrative purposes, may reset ownership or permissions on existing files inside the token directories. An attacker with token-group membership can exploit the system when an administrator runs a PKCS#11 application or administrative tool that performs chown on files inside the token directory during normal maintenance. This issue is fixed in commit 5e6e4b4, but has not been included in a released version at the time of publication.
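The CVE description above turns on a privileged process calling chown on a path inside a group-writable directory. The following added example is not openCryptoki code and is not the fix from commit 5e6e4b4; it contrasts the path-based pattern with a descriptor-based one, and the function names `naive_reset_owner` and `safe_reset_owner` are hypothetical.

```c
/* Added illustration; not openCryptoki source. Function names are hypothetical. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Path-based pattern: chown()/chmod() resolve symlinks, so a link planted in a
 * group-writable directory redirects the change to the link's target. */
int naive_reset_owner(const char *path, uid_t uid, gid_t gid, mode_t mode)
{
    if (chown(path, uid, gid) != 0)
        return -1;
    return chmod(path, mode);
}

/* Descriptor-based pattern: pin the inode, verify it, then change it.
 * `name` must be a bare file name. Returns 0, or -1 with errno set. */
int safe_reset_owner(const char *dirpath, const char *name,
                     uid_t uid, gid_t gid, mode_t mode)
{
    struct stat st;
    int rc = -1, saved;
    for (const char *p = name; *p; p++)
        if (*p == '/') { errno = EINVAL; return -1; }
    int dfd = open(dirpath, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (dfd < 0)
        return -1;
    /* O_NOFOLLOW refuses a symlink as the final component;
     * O_NONBLOCK avoids hanging if a FIFO was planted instead. */
    int fd = openat(dfd, name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd >= 0) {
        if (fstat(fd, &st) != 0) {
            /* errno already set by fstat */
        } else if (!S_ISREG(st.st_mode) || st.st_nlink != 1) {
            errno = EINVAL;   /* not a plain file, or hard-linked elsewhere */
        } else if (fchown(fd, uid, gid) == 0 && fchmod(fd, mode) == 0) {
            rc = 0;
        }
        saved = errno;
        close(fd);
        errno = saved;
    }
    saved = errno;
    close(dfd);
    errno = saved;
    return rc;
}
```

On Linux 5.6 and later, openat2() with RESOLVE_NO_SYMLINKS applies the same refusal to every path component rather than only the last one.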
Additional information:
N/A
Download:
SRPMS
- opencryptoki-3.25.0-4.el9_7.2.src.rpm
MD5: 0a6e2416f6c4236058b89073ebfc9f4c
SHA-256: 258efd1176a7d7ada6c7ede9a4c1f101832b4e7605bbc2ff9a3e5519f6000b86
Size: 2.05 MB
Asianux Server 9 for x86_64
- opencryptoki-3.25.0-4.el9_7.2.x86_64.rpm
MD5: 173f628cc66b757815665133188c7ade
SHA-256: 4acea1b7b4ac94a7ee0db6fa8e423505a9863145391dd7c70a5636ac68929ae0
Size: 305.47 kB
- opencryptoki-ccatok-3.25.0-4.el9_7.2.x86_64.rpm
MD5: c1adf7cad37d790658923c744dd80606
SHA-256: f9738793603b1a58993f398da696fe489d0ccc86864c857650ffec708388b2f1
Size: 350.27 kB
- opencryptoki-devel-3.25.0-4.el9_7.2.i686.rpm
MD5: e1b4916ff431bc8938955de0638eabf3
SHA-256: 621bfa17ed1e189ae89308a729445068257dc5be512091116bfa8047d5432161
Size: 27.00 kB
- opencryptoki-devel-3.25.0-4.el9_7.2.x86_64.rpm
MD5: a6e5da616a17888c69bb9bf3ccef04df
SHA-256: 776a6ec68e0911cfe7ceed136033e10b9c77cc09a6d6188d858a754420fd66b3
Size: 26.97 kB
- opencryptoki-icsftok-3.25.0-4.el9_7.2.x86_64.rpm
MD5: 44c7a4990f45bb08b642b71d66717c61
SHA-256: 67da35706dd5744e80b9c4d5958d0b2f7532ac4d6048a82abf34e2aaf809102e
Size: 149.86 kB
- opencryptoki-libs-3.25.0-4.el9_7.2.i686.rpm
MD5: 61a0a9a1966f7fe1c5bb1839bff7269c
SHA-256: 7b9cf37f4879d584730c5caf549badad4a76453f3be4f697b99c94f285bdf455
Size: 85.15 kB
- opencryptoki-libs-3.25.0-4.el9_7.2.x86_64.rpm
MD5: d1647d8f10d8a40a5b765b6ae7fc2a3c
SHA-256: 6d3c62369d8252cb829a0bdbfd9ce243d694507fd2491ba4b55d4d852c1ea1a6
Size: 89.49 kB
- opencryptoki-swtok-3.25.0-4.el9_7.2.x86_64.rpm
MD5: 7680b1e235e62fe5dddceef818bc336e
SHA-256: 9c559b944ef69b9a8b98dff7c3ecca2fc31e12896a1a728c8fc350deba1c6cdf
Size: 259.36 kB