Monero Project는 Open을 업데이트하는 CLI 및 GUI 소프트웨어에 대한 업데이트를 발표하였다.
업데이트 내용에선 크게
SSL 및 "P2P 네트워크 계층 개선" 제공이 포함되었으며
GUI 릴리스는 네트워크 계층 개선사항 포함 이외에도 16개의 커밋과 51개의 코드로 이루어진 상당히 작은 업데이트다.
업데이트 내용에는 다음과 같다.
- 첫 시작 시 바탕 화면 바로 가기 쓰기 요청(Linux)
- 지갑 초기화 플래그 처리 수정
- "트랜잭션 전송" 스플래시 복구
- QML 캐시 사용 안 함
- 사소한 버그 수정
CLI 업데이트는 154개의 새로운 코드를 포함하는 24개의 커밋을 가지고 있었다.
업데이트의 주요 내용은 다음과 같다.
- P2P: 체인 진입 응답에 첫 번째 새 블록 포함
- P2P: 체인 입력 응답에 대한 보다 제한적인 점검
- –sync-prunned-blocks 플래그와 동기화 수정
- OpenSSL을 1.1.1i로 업데이트하여 최근에 노출된 취약성 수정
두 업데이트 모두 getmonero.org 다운로드 페이지에서 제공하고 있으며
영어 원문을 원하면 아래 도메인을 참고하면 된다.: getmonero.org/downloads
EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)
======================================================
Severity: High
The X.509 GeneralName type is a generic type for representing different types
of names. One of those name types is known as EDIPartyName. OpenSSL provides a
function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME
to see if they are equal or not. This function behaves incorrectly when both
GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash
may occur leading to a possible denial of service attack.
OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes:
1) Comparing CRL distribution point names between an available CRL and a CRL
distribution point embedded in an X509 certificate
2) When verifying that a timestamp response token signer matches the timestamp
authority name (exposed via the API functions TS_RESP_verify_response and
TS_RESP_verify_token)
If an attacker can control both items being compared then that attacker could
trigger a crash. For example if the attacker can trick a client or server into
checking a malicious certificate against a malicious CRL then this may occur.
Note that some applications automatically download CRLs based on a URL embedded
in a certificate. This checking happens prior to the signatures on the
certificate and CRL being verified. OpenSSL's s_server, s_client and verify
tools have support for the "-crl_download" option which implements automatic
CRL downloading and this attack has been demonstrated to work against those
tools
======================================================
OpenSSL Security Advisory [08 December 2020]
============================================
EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)
======================================================
Severity: High
The X.509 GeneralName type is a generic type for representing different types
of names. One of those name types is known as EDIPartyName. OpenSSL provides a
function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME
to see if they are equal or not. This function behaves incorrectly when both
GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash
may occur leading to a possible denial of service attack.
OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes:
1) Comparing CRL distribution point names between an available CRL and a CRL
distribution point embedded in an X509 certificate
2) When verifying that a timestamp response token signer matches the timestamp
authority name (exposed via the API functions TS_RESP_verify_response and
TS_RESP_verify_token)
If an attacker can control both items being compared then that attacker could
trigger a crash. For example if the attacker can trick a client or server into
checking a malicious certificate against a malicious CRL then this may occur.
Note that some applications automatically download CRLs based on a URL embedded
in a certificate. This checking happens prior to the signatures on the
certificate and CRL being verified. OpenSSL's s_server, s_client and verify
tools have support for the "-crl_download" option which implements automatic
CRL downloading and this attack has been demonstrated to work against those
tools.
Note that an unrelated bug means that affected versions of OpenSSL cannot parse
or construct correct encodings of EDIPARTYNAME. However it is possible to
construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence
trigger this attack.
All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL
releases are out of support and have not been checked.
OpenSSL 1.1.1 users should upgrade to 1.1.1i.
OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium
support customers of OpenSSL 1.0.2 should upgrade to 1.0.2x. Other users should
upgrade to OpenSSL 1.1.1i.
This issue was reported to OpenSSL on 9th November 2020 by David Benjamin
(Google). Initial analysis was performed by David Benjamin with additional
analysis by Matt Caswell (OpenSSL). The fix was developed by Matt Caswell.
Note
====
OpenSSL 1.0.2 is out of support and no longer receiving public updates. Extended
support is available for premium support customers:
https://www.openssl.org/support/contracts.html
OpenSSL 1.1.0 is out of support and no longer receiving updates of any kind.
The impact of this issue on OpenSSL 1.1.0 has not been analysed.
Users of these versions should upgrade to OpenSSL 1.1.1.
References
==========
URL for this Security Advisory:
https://www.openssl.org/news/secadv/20201208.txt
Note: the online version of the advisory may be updated with additional details
over time.
For details of OpenSSL severity classifications please see:
https://www.openssl.org/policies/secpolicy.htmlOpenSSL Security Advisory [08 December 2020]
============================================
EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)
======================================================
Severity: High
The X.509 GeneralName type is a generic type for representing different types
of names. One of those name types is known as EDIPartyName. OpenSSL provides a
function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME
to see if they are equal or not. This function behaves incorrectly when both
GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash
may occur leading to a possible denial of service attack.
OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes:
1) Comparing CRL distribution point names between an available CRL and a CRL
distribution point embedded in an X509 certificate
2) When verifying that a timestamp response token signer matches the timestamp
authority name (exposed via the API functions TS_RESP_verify_response and
TS_RESP_verify_token)
If an attacker can control both items being compared then that attacker could
trigger a crash. For example if the attacker can trick a client or server into
checking a malicious certificate against a malicious CRL then this may occur.
Note that some applications automatically download CRLs based on a URL embedded
in a certificate. This checking happens prior to the signatures on the
certificate and CRL being verified. OpenSSL's s_server, s_client and verify
tools have support for the "-crl_download" option which implements automatic
CRL downloading and this attack has been demonstrated to work against those
tools.
Note that an unrelated bug means that affected versions of OpenSSL cannot parse
or construct correct encodings of EDIPARTYNAME. However it is possible to
construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence
trigger this attack.
All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL
releases are out of support and have not been checked.
OpenSSL 1.1.1 users should upgrade to 1.1.1i.
OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium
support customers of OpenSSL 1.0.2 should upgrade to 1.0.2x. Other users should
upgrade to OpenSSL 1.1.1i.
This issue was reported to OpenSSL on 9th November 2020 by David Benjamin
(Google). Initial analysis was performed by David Benjamin with additional
analysis by Matt Caswell (OpenSSL). The fix was developed by Matt Caswell.
Note
====
OpenSSL 1.0.2 is out of support and no longer receiving public updates. Extended
support is available for premium support customers:
https://www.openssl.org/support/contracts.html
OpenSSL 1.1.0 is out of support and no longer receiving updates of any kind.
The impact of this issue on OpenSSL 1.1.0 has not been analysed.
Users of these versions should upgrade to OpenSSL 1.1.1.
References
==========
URL for this Security Advisory:
https://www.openssl.org/news/secadv/20201208.txt
Note: the online version of the advisory may be updated with additional details
over time.
For details of OpenSSL severity classifications please see:
https://www.openssl.org/policies/secpolicy.html728x90
반응형
'Security' 카테고리의 다른 글
| 도커 컨테이너 내 에서 악의적인 행위를 하는 케이스 및 사례 (0) | 2021.03.31 |
|---|---|
| 보안관제 및 수행원칙과 관련된 정보 및 Tip (0) | 2021.03.28 |
| 전자정보 압수수색 시대 ‘죄’ 밝힐 정보만? 현실은 ‘인생’ 정보 통째로 압수 (0) | 2021.03.24 |
| 경제협력개발기구(OECD) "소스코드는 곧 취약점…쉬쉬해선 안돼" (0) | 2021.03.22 |
| AP IN FOR (0) | 2021.03.22 |
WRITTEN BY
- J cert
Freedom of Liberty and the establishment of a law to establish the law of cyberspace will defend freedom and try to build a just society.
,
