Bug 2174854 (CVE-2023-26053)
| Summary: | CVE-2023-26053 gradle: usage of long IDs for PGP keys is unsafe and is subject to collision attacks | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Borja Tarraso <btarraso> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | asoldano, bbaranow, bmaxwell, brian.stansberry, cdewolf, chazlett, darran.lofthouse, dkreling, dosoudil, fjuma, ivassile, iweiss, lgao, mosmerov, msochure, msvehla, nwallace, peholase, pjindal, pmackay, rstancel, smaestri, tom.jenkinson |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | gradle 6.9.4, gradle 7.6.1, gradle 8.0 | Doc Type: | --- |
| Doc Text: |
A flaw was found in Gradle when verifying long IDs of 64 bits for PGP keys in the trusted key or PGP element. This flaw allows an attacker to exploit this issue and collision the dependency verification.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-06-29 15:52:19 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 2174844 | ||
|
Description
Borja Tarraso
2023-03-02 14:03:11 UTC
quarkus looks to rebundle gradle in its launcher; amq-st ships a wrapper but not the actual code This issue has been addressed in the following products: Red Hat build of Quarkus 2.13.8 Via RHSA-2023:3809 https://access.redhat.com/errata/RHSA-2023:3809 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-26053 |