Security Advisory Details

NS-SA-2023-0106

2023-07-14 09:15:19

Summary

moderate: p11-kit security update

Severity

moderate

Topic

An update for p11-kit is now available for NewStart CGSL MAIN 6.02.
NewStart Security has rated this update as having a security impact of moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

p11-kit: p11-kit provides a way to load and enumerate PKCS#11 modules, as well as a standard configuration setup for installing PKCS#11 modules in such a way that they're discoverable.


Security Fix(es):
p11-kit: An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc. (CVE-2020-29361)
p11-kit: An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by the p11-kit server/remote commands and the client library. When the remote entity supplies a byte array through a serialized PKCS#11 function call, the receiving entity may allow the reading of up to 4 bytes of memory past the heap allocation. (CVE-2020-29362)
p11-kit: An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol used by the p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in a CK_ATTRIBUTE, the receiving entity may not allocate sufficient length for the buffer to store the deserialized value. (CVE-2020-29363)
p11-kit: bugfix
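The three fixes above cover two patterns that recur in C code handling untrusted input: an element count multiplied by an element size and handed to calloc/realloc without a wrap-around check (CVE-2020-29361), and a length-prefixed byte array from the RPC peer whose declared length is trusted either for reading (CVE-2020-29362) or for sizing the destination allocation (CVE-2020-29363). The following C program is an illustration added to this advisory, not code from p11-kit; `checked_realloc_array`, `read_byte_array`, `msg_t` and the two sample messages are invented names and constructed data, and the big-endian 32-bit length prefix is an assumed encoding rather than p11-kit's wire format.

```c
/* Added illustration of overflow-checked allocation and bounds-checked
 * deserialization of a length-prefixed byte array.  Not p11-kit code:
 * names, message layout and sample data are invented for this example. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Grow an array to hold `wanted` elements of `elem_size` bytes each.
 * Refuses (returns NULL, leaving `array` untouched) when the product would
 * wrap around size_t, instead of passing a tiny wrapped size to realloc. */
void *checked_realloc_array(void *array, size_t wanted, size_t elem_size)
{
    if (elem_size != 0 && wanted > SIZE_MAX / elem_size)
        return NULL;                       /* multiplication would overflow */
    return realloc(array, wanted * elem_size);
}

/* Cursor over a received message; invariant: off <= len. */
typedef struct {
    const uint8_t *data;
    size_t len;
    size_t off;
} msg_t;

/* Read a 4-byte big-endian length prefix followed by that many bytes.
 * On success copies the payload into a fresh buffer of exactly n bytes,
 * stores it in *out (NULL for an empty array) and returns n.  Returns -1
 * when the prefix or the payload would extend past the received message,
 * so nothing is ever read beyond the allocation that holds the message. */
long read_byte_array(msg_t *m, uint8_t **out)
{
    uint32_t n;
    *out = NULL;
    if (m->len - m->off < 4)
        return -1;                         /* truncated length prefix */
    n = ((uint32_t)m->data[m->off] << 24) | ((uint32_t)m->data[m->off + 1] << 16)
      | ((uint32_t)m->data[m->off + 2] << 8) | (uint32_t)m->data[m->off + 3];
    m->off += 4;
    if (n > m->len - m->off)
        return -1;                         /* declared length exceeds received bytes */
    if (n > 0) {
        *out = malloc(n);                  /* size the buffer from the checked length */
        if (*out == NULL)
            return -1;
        memcpy(*out, m->data + m->off, n);
    }
    m->off += n;
    return (long)n;
}

/* Constructed sample messages (not captured traffic). */
static const uint8_t GOOD_MSG[]      = {0x00, 0x00, 0x00, 0x03, 'a', 'b', 'c'};
static const uint8_t TRUNCATED_MSG[] = {0x00, 0x00, 0x00, 0x10, 'a', 'b', 'c'}; /* claims 16, carries 3 */

/* Parse one byte array from a message; returns its length or -1 if rejected. */
long parse_sample(const uint8_t *buf, size_t len)
{
    msg_t m = { buf, len, 0 };
    uint8_t *payload = NULL;
    long n = read_byte_array(&m, &payload);
    free(payload);
    return n;
}

/* Returns 1 when an element count that cannot fit in memory is refused. */
int overflow_refused(void)
{
    void *p = checked_realloc_array(NULL, SIZE_MAX / 2 + 1, 4);
    if (p != NULL) { free(p); return 0; }
    return 1;
}

/* Returns the element count of a successful, ordinary grow (8), or 0 on failure. */
int grow_normal(void)
{
    uint32_t *a = checked_realloc_array(NULL, 8, sizeof *a);
    if (a == NULL) return 0;
    a[7] = 7;                              /* last element is addressable */
    free(a);
    return 8;
}

int main(void)
{
    printf("good message: %ld bytes\n", parse_sample(GOOD_MSG, sizeof GOOD_MSG));
    printf("truncated message: %ld\n", parse_sample(TRUNCATED_MSG, sizeof TRUNCATED_MSG));
    printf("overflow refused: %d, normal grow: %d\n", overflow_refused(), grow_normal());
    return 0;
}
```

The two checks are independent: the overflow guard protects every growable array in the receiver, and the length comparison against the bytes actually received is what prevents both the over-read and the undersized allocation, because the same checked `n` is used for the read and for the malloc.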


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 6.02.E0B4.

Affected Components

  • p11-kit

Affected Products

  • CGSL MAIN 6.02

Update Packages

CGSL MAIN 6.02

  Source:
  • p11-kit-0.23.22-1.el8.cgslv6_2.2.g371b9a2.src.rpm

  Binary (x86_64):
  • p11-kit-debugsource-0.23.22-1.el8.cgslv6_2.2.g371b9a2.x86_64.rpm
  • p11-kit-debuginfo-0.23.22-1.el8.cgslv6_2.2.g371b9a2.x86_64.rpm
  • p11-kit-server-debuginfo-0.23.22-1.el8.cgslv6_2.2.g371b9a2.x86_64.rpm
  • p11-kit-0.23.22-1.el8.cgslv6_2.2.g371b9a2.x86_64.rpm
  • p11-kit-trust-debuginfo-0.23.22-1.el8.cgslv6_2.2.g371b9a2.x86_64.rpm
  • p11-kit-trust-0.23.22-1.el8.cgslv6_2.2.g371b9a2.x86_64.rpm
  • p11-kit-devel-0.23.22-1.el8.cgslv6_2.2.g371b9a2.x86_64.rpm
  • p11-kit-server-0.23.22-1.el8.cgslv6_2.2.g371b9a2.x86_64.rpm

CVE

References