Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALASECS-2023-008

Related Vulnerabilities: CVE-2023-29409  

2023-10-11: The severity level was changed from Important to Medium. Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable. (CVE-2023-29409)

Source

ALASECS-2023-008

Amazon Linux 2 Security Advisory: ALASECS-2023-008
Advisory Release Date: 2023-09-27 23:00 Pacific
Advisory Updated Date: 2023-10-18 19:15 Pacific
Severity: Medium
Issue Overview:

2023-10-11: The severity level was changed from Important to Medium.

Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable. (CVE-2023-29409)


Affected Packages:

containerd


Issue Correction:
Run yum update containerd to update your system.

New Packages:
aarch64:
    containerd-1.6.19-1.amzn2.0.3.aarch64
    containerd-stress-1.6.19-1.amzn2.0.3.aarch64
    containerd-debuginfo-1.6.19-1.amzn2.0.3.aarch64

src:
    containerd-1.6.19-1.amzn2.0.3.src

x86_64:
    containerd-1.6.19-1.amzn2.0.3.x86_64
    containerd-stress-1.6.19-1.amzn2.0.3.x86_64
    containerd-debuginfo-1.6.19-1.amzn2.0.3.x86_64

Additional References

Red Hat: CVE-2023-29409

Mitre: CVE-2023-29409

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started