Описание
A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| tang | fixed | 14-1 | package | |
| tang | fixed | 11-2+deb12u1 | bookworm | package |
| tang | fixed | 8-3+deb11u2 | bullseye | package |
Примечания
Fixed by: https://github.com/latchset/tang/commit/8dbbed10870378f1b2c3cf3df2ea7edca7617096
https://census-labs.com/news/2023/06/15/race-tang/
EPSS
Связанные уязвимости
A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host.
A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host.
A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host.
A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host.
ELSA-2023-7022: tang security and bug fix update (MODERATE)
EPSS