INFSA-2023:6492: tang security update
Information about definition
Identificator: INFSA-2023:6492
Type: security
Release date: 2025-03-05 17:31:01 UTC
Information about package
Tang is a server for binding data to network presence. It includes a daemon which provides cryptographic operations for binding to a remote service. The tang package provides the server side of the Network Bound Disk Encryption (NBDE) project.
Vulnerabilities description
- CVE-2023-1672
A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2023-1672
|
no information | 5.3 | no information |
Updated packages