OpenSSL¤Ë¥µ¡¼¥Ó¥¹±¿ÍÑ˸³²(DoS)¤ÎÀȼåÀ¡¢¼êÆ°¥¢¥Ã¥×¥Ç¡¼¥È¤¬É¬Í×
JPCERT¥³¡¼¥Ç¥£¥Í¡¼¥·¥ç¥ó¥»¥ó¥¿¡¼(JPCERT/CC: Japan Computer Emergency Response Team Coordination Center)¤Ï¤³¤Î¤Û¤É¡¢¡ÖJVNVU#94875946: OpenSSL¤Ë¤ª¤±¤ë¥µ¡¼¥Ó¥¹±¿ÍÑ˸³²¡ÊDoS¡Ë¤ÎÀȼåÀ¡ÊSecurity Advisory [16th May 2024]¡Ë¡×¤Ë¤ª¤¤¤Æ¡¢OpenSSL¤Ë¥µ¡¼¥Ó¥¹±¿ÍÑ˸³²(DoS: Denial of Service)¤ÎÀȼåÀ¤¬Â¸ºß¤¹¤ë¤ÈÅÁ¤¨¤¿¡£
JVNVU#94875946: OpenSSL¤Ë¤ª¤±¤ë¥µ¡¼¥Ó¥¹±¿ÍÑ˸³²¡ÊDoS¡Ë¤ÎÀȼåÀ¡ÊSecurity Advisory [16th May 2024]¡Ë
¡ûÀȼåÀ¤Ë´Ø¤¹¤ë¾ðÊó
ÀȼåÀ¤Ë´Ø¤¹¤ë¾ðÊó¤Ï¼¡¤Î¥Ú¡¼¥¸¤Ë¤Þ¤È¤Þ¤Ã¤Æ¤¤¤ë¡£
openssl.org/news/secadv/20240516.txt
ÀȼåÀ¤Î¾ðÊó(CVE)¤Ï¼¡¤Î¤È¤ª¤ê¡£
CVE-2024-4603 - Ĺ²á¤®¤ëDSA¸°¤Þ¤¿¤Ï¥Ñ¥é¥á¡¼¥¿¡¼¤Î³Îǧ¤ËÈó¾ï¤Ë»þ´Ö¤¬¤«¤«¤ë¡£¤½¤Î·ë²Ì¡¢¥µ¡¼¥Ó¥¹±¿ÍÑ˸³²¤Ë¤Ä¤Ê¤¬¤ë²ÄǽÀ¤¬¤¢¤ë
¡ûÀȼåÀ¤¬Â¸ºß¤¹¤ëÀ½ÉÊ
ÀȼåÀ¤¬Â¸ºß¤¹¤ëÀ½Éʤª¤è¤Ó¥Ð¡¼¥¸¥ç¥ó¤Ï¼¡¤Î¤È¤ª¤ê¡£
OpenSSL 3.3
OpenSSL 3.2
OpenSSL 3.1
OpenSSL 3.0
OpenSSL 1.1.1¤ª¤è¤Ó1.0.2¤Ï¤³¤ÎÀȼåÀ¤Î±Æ¶Á¤ò¼õ¤±¤Ê¤¤¡£
¡ûÀȼåÀ¤¬½¤Àµ¤µ¤ì¤¿À½ÉÊ
ÀȼåÀ¤¬½¤Àµ¤µ¤ì¤¿À½Éʤª¤è¤Ó¥Ð¡¼¥¸¥ç¥ó¤Ï¼¡¤Î¤È¤ª¤ê¡£
OpenSSL 3.3 commit 53ea0648
OpenSSL 3.2 commit da343d06
OpenSSL 3.1 commit 9c39b385
OpenSSL 3.0 commit 3559e868
OpenSSL¤Î³«È¯¼Ô¤ÏÀȼåÀ¤Î¿¼¹ïÅÙ¤òÄ㤤¤Èɾ²Á¤·¤Æ¤ª¤ê¡¢¶ÛµÞ¤Î½¤Àµ¥Ñ¥Ã¥Á¤òÄ󶡤·¤Æ¤¤¤Ê¤¤¡£±Æ¶Á¤ò¼õ¤±¤ë¥·¥¹¥Æ¥à¤ò±¿ÍѤ·¤Æ¤ª¤ê®¤ä¤«¤ËÂкö¤·¤¿¤¤¾ì¹ç¤Ï¡¢GitHub¥ê¥Ý¥¸¥È¥ê¤«¤é¾åµ¤Î½¤ÀµÈÇ¥½¡¼¥¹¥³¡¼¥É¤ò¼èÆÀ¤·¡¢¼êÆ°¤Ç¥¢¥Ã¥×¥Ç¡¼¥È¤¹¤ëɬÍפ¬¤¢¤ë¡£
¡ûÀȼåÀ¤Ë´Ø¤¹¤ë¾ðÊó
ÀȼåÀ¤Ë´Ø¤¹¤ë¾ðÊó¤Ï¼¡¤Î¥Ú¡¼¥¸¤Ë¤Þ¤È¤Þ¤Ã¤Æ¤¤¤ë¡£
openssl.org/news/secadv/20240516.txt
ÀȼåÀ¤Î¾ðÊó(CVE)¤Ï¼¡¤Î¤È¤ª¤ê¡£
CVE-2024-4603 - Ĺ²á¤®¤ëDSA¸°¤Þ¤¿¤Ï¥Ñ¥é¥á¡¼¥¿¡¼¤Î³Îǧ¤ËÈó¾ï¤Ë»þ´Ö¤¬¤«¤«¤ë¡£¤½¤Î·ë²Ì¡¢¥µ¡¼¥Ó¥¹±¿ÍÑ˸³²¤Ë¤Ä¤Ê¤¬¤ë²ÄǽÀ¤¬¤¢¤ë
¡ûÀȼåÀ¤¬Â¸ºß¤¹¤ëÀ½ÉÊ
ÀȼåÀ¤¬Â¸ºß¤¹¤ëÀ½Éʤª¤è¤Ó¥Ð¡¼¥¸¥ç¥ó¤Ï¼¡¤Î¤È¤ª¤ê¡£
OpenSSL 3.3
OpenSSL 3.2
OpenSSL 3.1
OpenSSL 3.0
OpenSSL 1.1.1¤ª¤è¤Ó1.0.2¤Ï¤³¤ÎÀȼåÀ¤Î±Æ¶Á¤ò¼õ¤±¤Ê¤¤¡£
¡ûÀȼåÀ¤¬½¤Àµ¤µ¤ì¤¿À½ÉÊ
ÀȼåÀ¤¬½¤Àµ¤µ¤ì¤¿À½Éʤª¤è¤Ó¥Ð¡¼¥¸¥ç¥ó¤Ï¼¡¤Î¤È¤ª¤ê¡£
OpenSSL 3.3 commit 53ea0648
OpenSSL 3.2 commit da343d06
OpenSSL 3.1 commit 9c39b385
OpenSSL 3.0 commit 3559e868
OpenSSL¤Î³«È¯¼Ô¤ÏÀȼåÀ¤Î¿¼¹ïÅÙ¤òÄ㤤¤Èɾ²Á¤·¤Æ¤ª¤ê¡¢¶ÛµÞ¤Î½¤Àµ¥Ñ¥Ã¥Á¤òÄ󶡤·¤Æ¤¤¤Ê¤¤¡£±Æ¶Á¤ò¼õ¤±¤ë¥·¥¹¥Æ¥à¤ò±¿ÍѤ·¤Æ¤ª¤ê®¤ä¤«¤ËÂкö¤·¤¿¤¤¾ì¹ç¤Ï¡¢GitHub¥ê¥Ý¥¸¥È¥ê¤«¤é¾åµ¤Î½¤ÀµÈÇ¥½¡¼¥¹¥³¡¼¥É¤ò¼èÆÀ¤·¡¢¼êÆ°¤Ç¥¢¥Ã¥×¥Ç¡¼¥È¤¹¤ëɬÍפ¬¤¢¤ë¡£