Secunia - Forum Thread: Recent PSI issues
Secunia delivers software security research that provides reliable, curated and actionable vulnerability intelligence. Organizations can expect to receive standardized, validated and enriched vulnerability research on a specific version of a software product. Secunia Research supports four solutions:
JVNVU#536044: OpenSSL ã«ãŠã‘ã‚‹ ECDSA 秘密éµãŒæ¼ãˆã„ã—ã¦ã—ã¾ã†å•é¡Œ
OpenSSL 㧠ECDSA ã«ã‚ˆã‚‹èªè¨¼æ–¹å¼ã‚’実装ã—ã¦ã„る製å“ãŒæœ¬è„†å¼±æ€§ã®å½±éŸ¿ã‚’å—ã‘ã‚‹å¯èƒ½æ€§ãŒã‚ã‚Šã¾ã™ã€‚ 詳ã—ã㯠US-CERT Vulnerability Note VU#536044 ãŒæä¾›ã™ã‚‹æƒ…å ±ã‚’ã”確èªãã ã•ã„。 OpenSSL を実装ã—ãŸè¤‡æ•°ã®è£½å“ã«ã¯ã€ã‚¿ã‚¤ãƒŸãƒ³ã‚°æ”»æ’ƒ (timing attack) ã«ã‚ˆã£ã¦ ECDSA ã®ç§˜å¯†éµãŒæ¼ãˆã„ã™ã‚‹å•é¡ŒãŒå˜åœ¨ã—ã¾ã™ã€‚ "Remote Timing Attacks are Still Practical" ã«ã¯ã€ä»¥ä¸‹ã®ã‚ˆã†ã«è¨˜è¿°ã•ã‚Œã¦ã„ã¾ã™ã€‚ "For over two decades, timing attacks have been an active area of research within applied cryptography. These attacks exploit cryptosystem or protoc
OpenSSH æƒ…å ± - [Security][OpenSSL] OpenSSLã®ECDSA実装ã«è„†å¼±æ€§
OpenSSHã§åˆ©ç”¨ã—ã¦ã„るライブラリOpenSSL ã« JVNVU#536044: OpenSSL ã«ãŠã‘ã‚‹ ECDSA 秘密éµãŒæ¼ãˆã„ã—ã¦ã—ã¾ã†å•é¡Œ ãŒå ±å‘Šã•ã‚Œã¦ã„ã¾ã™. OpenSSHã®ECDSAã®å®Ÿè£…ã¯OpenSSLã®ã‚‚ã®ã‚’利用ã—ã¦ã„ã‚‹ã®ã§, OpenSSHã§ã®ECDSAã®åˆ©ç”¨ã§ã‚‚影響ãŒã‚ã‚‹å¯èƒ½æ€§ãŒé«˜ã„ã§ã™. ç¾åœ¨ã®ã¨ã“ã‚ ECDSA を利用ã—ãªã„以外ã®å¯¾å‡¦æ³•ã¯ã‚ã‚Šã¾ã›ã‚“. 2011/05/23追記: Security of OpenSSL ECDSA signaturesã«ã‚ˆã‚‹ã¨ This result concerns binary/GF(2m) fields only and not the prime fields that OpenSSH uses in recent versions. Unless a similar timing oracle is found fo
OpenSSH æƒ…å ± - [Security][OpenSSL][Release] OpenSSL 0.9.8q, 1.0.0c リリース
2010/12/03 - [Security][OpenSSL][Release] OpenSSL 0.9.8q, 1.0.0c リリース 2010/12/02, OpenSSHã§åˆ©ç”¨ã—ã¦ã„るライブラリOpenSSL ã«0.9.8q, 1.0.0c ãŒãƒªãƒªãƒ¼ã‚¹ã•ã‚Œã¾ã—ãŸ. . SSL/TLS サーãƒæ‹¡å¼µã«ã‚ã£ãŸæš—å·ãŒãƒ€ã‚¦ãƒ³ã‚°ãƒ¬ãƒ¼ãƒ‰ã•ã‚Œã‚‹æ”»æ’ƒã¸ã®å¯¾å‡¦ã¨(デフォルトã§ã¯æœ‰åŠ¹ã§ã¯ãªã„)JPAKE実装ã®æ¤œè¨¼ã§ã®å•é¡ŒãŒä¿®æ£ã•ã‚Œã¦ã„ã¾ã™(OpenSSL Security Advisory [2 December 2010]). OpenSSHを利用ã—ã¦ã„ã‚‹å ´åˆã«, ã“れらã®å•é¡ŒãŒæ”»æ’ƒã«åˆ©ç”¨ã•ã‚Œã‚‹ã“ã¨ã¯ã‚ã‚Šã¾ã›ã‚“(2010/12/07追記: OpenSSHã®JPAKE実装を有効ã«ã—ã¦ã„ã‚‹å ´åˆã¯å•é¡Œã‹ã‚‚ã—ã‚Œã¾ã›ã‚“. JPAKEã¯ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã§ã¯æœ‰åŠ¹ã§ã¯ã‚ã‚Šã¾ã›ã‚“. OpenSSHã®JPAKE実装ã«ã‚‚å•é¡ŒãŒå ±
OpenSSH æƒ…å ± - [Security][OpenSSL][Release] OpenSSL 0.9.8p, 1.0.0b リリース
2010/11/17 - [Security][OpenSSL][Release] OpenSSL 0.9.8p, 1.0.0b リリース 2010/11/16, OpenSSHã§åˆ©ç”¨ã—ã¦ã„るライブラリOpenSSL ã«0.9.8p, 1.0.0b ãŒãƒªãƒªãƒ¼ã‚¹ã•ã‚Œã¾ã—ãŸ. . TLS サーãƒæ‹¡å¼µã«ã‚ã£ãŸã‚»ã‚ュリティã®å•é¡ŒãŒä¿®æ£ã•ã‚Œã¦ã„ã¾ã™(OpenSSL Security Advisory [16 November 2010]). (2010/12/07追記: 1.0.0bã§ã®ä¿®æ£ã¯ä¸å…·åˆãŒã‚ã‚Š 1.0.0c ã§ä¿®æ£ã•ã‚ŒãŸã¨ã®ã“ã¨ã§ã™.) OpenSSHを利用ã—ã¦ã„ã‚‹å ´åˆã«, ã“れらã®å•é¡ŒãŒæ”»æ’ƒã«åˆ©ç”¨ã•ã‚Œã‚‹ã“ã¨ã¯ã‚ã‚Šã¾ã›ã‚“.
Apache APR "apr_fnmatch()" Pattern Processing Denial of Service Vulnerability - Advisories - Community
Main navigation Solutions Column 1 Business challenge Software renewals and audits Software license management and optimization SaaS spend management Cloud cost management IT asset lifecycle management CMDB data quality Accurate IT inventory Security and regulatory risk management Sustainable IT AI-powered transformation Public sector Column 2 Spend management by vendor IBM Oracle Microsoft SAP VM
598732 – (CVE-2010-1633) CVE-2010-1633 openssl: information leak due to invalid Return value check
ã‚»ã‚ュリティホール memo - 2010.06
》 「FirstPassã€ï¼ˆãƒ•ã‚¡ãƒ¼ã‚¹ãƒˆãƒ‘ス)ã®ã‚µãƒ¼ãƒ“ス終了 (NTT ドコモ, 6/30)。ã„ã‚„ã‚ã€PKI ã£ã¦ã€æœ¬å½“ã«é§„ç›®ã§ã™ã。 「FirstPassã€ã¯ã€FOMAã«ãŠã‘ã‚‹ä¼æ¥ã®ã‚¤ãƒ³ãƒˆãƒ©ãƒãƒƒãƒˆã‚„ECサイトãªã©ã¸ã®ã‚¢ã‚¯ã‚»ã‚¹ã‚’ã€ã‚ˆã‚Šå®‰å¿ƒãƒ»å®‰å…¨ã«ã”利用ã„ãŸã ã‘るサービスã¨ã—ã¦æä¾›ã—ã¦ã¾ã„ã‚Šã¾ã—ãŸãŒã€ãŠå®¢æ§˜ãƒ‹ãƒ¼ã‚ºã®å¤‰åŒ–ã«ã‚ˆã‚‹ã”利用者ã®æ¸›å°‘ãªã©ã€äº‹æ¥ç’°å¢ƒã®å¤‰åŒ–ã‚’è¸ã¾ãˆã€ã“ã®ãŸã³çµŒå–¶è³‡æºã‚’集ä¸ã™ã¹ãサービスを終了ã™ã‚‹ã“ã¨ã¨ã„ãŸã—ã¾ã—ãŸã€‚ (ä¸ç•¥) 「FirstPassã€ã®ã‚µãƒ¼ãƒ“ス終了日 : 2012å¹´8月31日(金曜) 》 マカフィーã€ã€Œè¦ªã®çŸ¥ã‚‰ãªã„åä¾›ã®ã‚ªãƒ³ãƒ©ã‚¤ãƒ³ç”Ÿæ´»ã€ãƒ¬ãƒãƒ¼ãƒˆã‚’発表 米国ã®åä¾›ã®ç´„åŠæ•°ãŒã€å€‹äººæƒ…å ±ã‚’ä»–äººã¨å…±æœ‰ã—ã¦ã„ã‚‹ã“ã¨ãŒæ˜Žã‚‰ã‹ã« (マカフィー, 6/30)。米国ã§ã®çŠ¶æ³ã€‚ 》 USB メモリ ãƒãƒƒãƒ•ã‚¡ãƒãƒ¼ã€å€‹äººå‘ã‘ã«ã‚¦ã‚¤ãƒ«ã‚¹å¯¾ç–機能æ載ã®USBãƒ¡ãƒ¢ãƒªãƒ¼æ–°è£½å“ (Interne
リリースã€éšœå®³æƒ…å ±ãªã©ã®ã‚µãƒ¼ãƒ“スã®ãŠçŸ¥ã‚‰ã›
最新ã®äººæ°—エントリーã®é…ä¿¡
j次ã®ãƒ–ックマーク
kå‰ã®ãƒ–ックマーク
lã‚ã¨ã§èªã‚€
eコメント一覧を開ã
oページを開ã
About Secunia Research | Flexera
PostgreSQL, OpenSSL, and the GPL [LWN.net]
About Secunia Research | Flexera
https://www.openssl.org/news/secadv_20110208.txt
https://www.openssl.org/news/secadv_20101116.txt
https://www.openssl.org/news/secadv_20101202.txt
About Secunia Research | Flexera
About Secunia Research | Flexera
An OpenSSL race condition [LWN.net]
607159 – Continuing libgcrypt threading issue
598737 – CVE-2010-1633 openssl: information leak due to invalid Return value check [fedora-13]
598740 – CVE-2010-0742 openssl: invalid ASN1 module definition for CMS [fedora-all]
{{#tags}}- {{label}}
{{/tags}}