golang-1.8.3-1.el7
エラータID: AXSA:2017-2315:02
リリース日:
2017/10/16 Monday - 02:32
題名:
golang-1.8.3-1.el7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- Go の amd64 アーキテクチャ向けの P-256 楕円曲線 の標準ライブラリ
ScalarMult 実装にはバグが存在し,静的な ECDH に対する完全なキー回復
攻撃につながる脆弱性があります。(CVE-2017-8932)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2017-8932
A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries.
A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries.
追加情報:
N/A
ダウンロード:
SRPMS
- golang-1.8.3-1.el7.src.rpm
MD5: 838cae4e6ee193cc040f58bd9d266c01
SHA-256: fcc2887d7cafcc12c74403e0a4b6dae2cdf3cc04206bf851076da93d95ad6b40
Size: 14.58 MB
Asianux Server 7 for x86_64
- golang-1.8.3-1.el7.x86_64.rpm
MD5: 06201e294657e11973a84d9fefdfd227
SHA-256: 1d57a9052bc2717879c21540161e093a30fb95ef3c6761a4806238f2b9a7c37f
Size: 1.18 MB - golang-bin-1.8.3-1.el7.x86_64.rpm
MD5: ae3b83e2fe9db43f61480e68d661a5ef
SHA-256: 054daec2ca0d2094af0154052448cc3d460e0844a532335240b3e8fc07ec6729
Size: 46.03 MB - golang-docs-1.8.3-1.el7.noarch.rpm
MD5: 1b5b8a9300316d174cd152d4d4bbaa3c
SHA-256: 24e3056757933866ce39076b4b934e47ca8ef6acf11d5272ff59b1aaae0c8b8f
Size: 2.34 MB - golang-misc-1.8.3-1.el7.noarch.rpm
MD5: 816886f9c60c44157617a850b1fdf746
SHA-256: 654554aef87bb72a67abca49ba2f21d9e124ecaf15372ce47eb5eb71cb7912f9
Size: 547.89 kB - golang-src-1.8.3-1.el7.noarch.rpm
MD5: 4cfc45a615bed0b35ac7f943f29b84f2
SHA-256: fe9d27413da9a0aa987ba51efd213f13da1eaeab14b8005e09431ae1511cecad
Size: 4.76 MB - golang-tests-1.8.3-1.el7.noarch.rpm
MD5: 23d46500091a226c8c7610f3ee53fe0b
SHA-256: 078082df288e790cfbc181c0809120703a4e814f0b91c671dd264916730b741f
Size: 4.88 MB