Headline
CVE-2023-21265
In multiple locations, there are root CA certificates which need to be disabled. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
)]}’ { "commit": "6065b4a4c7da9cc9ee01c2f6389575647d2724c4", "tree": "edc6fbaf591a3e32aa577936efab805f8233fb8a", "parents": [ “45dbcd031d38cd72431580445a9bea773f9e0f95” ], "author": { "name": "Orion Hodson", "email": "[email protected]", "time": “Thu Dec 15 10:04:22 2022 +0000” }, "committer": { "name": "Android Build Coastguard Worker", "email": "[email protected]", "time": “Thu Jun 08 20:34:56 2023 +0000” }, "message": "Drop TrustCor certificates\n\nINIT Store initialized from system/ca-certificates/files\nREMOVE Android security review\n SHA1 : FF:BD:CD:E7:82:C8:43:5E:3C:6F:26:86:5C:CA:A8:3A:45:5B:C3:0A\n Subject : C\u003dPA, ST\u003dPanama, L\u003dPanama City, O\u003dTrustCor Systems S. de R.L., OU\u003dTrustCor Certificate Authority, CN\u003dTrustCor RootCert CA-1\n Not Before: Feb 4 12:32:16 2016 GMT\n Not After : Dec 31 17:23:16 2029 GMT\nREMOVE Android security review\n SHA1 : B8:BE:6D:CB:56:F1:55:B9:63:D4:12:CA:4E:06:34:C7:94:B2:1C:C0\n Subject : C\u003dPA, ST\u003dPanama, L\u003dPanama City, O\u003dTrustCor Systems S. de R.L., OU\u003dTrustCor Certificate Authority, CN\u003dTrustCor RootCert CA-2\n Not Before: Feb 4 12:32:23 2016 GMT\n Not After : Dec 31 17:26:39 2034 GMT\nREMOVE Android security review\n SHA1 : 58:D1:DF:95:95:67:6B:63:C0:F0:5B:1C:17:4D:8B:84:0B:C8:78:BD\n Subject : C\u003dPA, ST\u003dPanama, L\u003dPanama City, O\u003dTrustCor Systems S. de R.L., OU\u003dTrustCor Certificate Authority, CN\u003dTrustCor ECA-1\n Not Before: Feb 4 12:32:33 2016 GMT\n Not After : Dec 31 17:28:07 2029 GMT\nIMPORT Starting import from vendor/google/tools/cacerts/certdata.txt\nPROCESS Handling 158 cert requests\nEXPIRING Cert is expiring on May 15 04:52:29 2023 GMT\n SHA1 : D6:DA:A8:20:8D:09:D2:15:4D:24:B5:2F:CB:34:6E:B2:58:B2:8A:58\n Subject : C\u003dHK, O\u003dHongkong Post, CN\u003dHongkong Post Root CA 1\n Not Before: May 15 05:13:14 2003 GMT\n Not After : May 15 04:52:29 2023 GMT\nEXPIRING Cert is expiring on Mar 3 12:09:48 2023 GMT\n SHA1 : 51:C6:E7:08:49:06:6E:F3:92:D4:5C:A0:0D:6D:A3:62:8F:C3:52:39\n Subject : C\u003dTR, L\u003dAnkara, O\u003dE-Tu\\xC4\\x9Fra EBG Bili\\xC5\\x9Fim Teknolojileri ve Hizmetleri A.\\xC5\\x9E., OU\u003dE-Tugra Sertifikasyon Merkezi, CN\u003dE-Tugra Certification Authority\n Not Before: Mar 5 12:09:48 2013 GMT\n Not After : Mar 3 12:09:48 2023 GMT\nEXPIRING Cert is expiring on Sep 30 04:20:49 2023 GMT\n SHA1 : 36:B1:2B:49:F9:81:9E:D7:4C:9E:BC:38:0F:C6:56:8F:5D:AC:B2:F7\n Subject : C\u003dJP, O\u003dSECOM Trust.net, OU\u003dSecurity Communication RootCA1\n Not Before: Sep 30 04:20:49 2003 GMT\n Not After : Sep 30 04:20:49 2023 GMT\n\nSUMMARY\n\n CertRequest\n total count: 158\n add count: 30\n remove count: 124\n trust count: 0\n\n Repository\n total trusted: 136\n roots for import: 137\n intermediate for import: 0\n\n Store (before import)\n total count: 140\n expired: 0\n expiring with 1 year: 3\n\n Store (after import)\n total count: 137\n newly imported: 0\n existing matched by import: 137\n other trusted: 0\n expired: 0\n expiring with 1 year: 3\n\n Store (after cert requests)\n total count: 137\n newly imported: 0\n existing matched by import: 137\n other trusted: 0\n expired: 0\n expiring with 1 year: 3\n\nBug: 262521447\nTest: atest CtsLibcoreTestCases:com.android.org.conscrypt.TrustedCertificateStoreTest\n\n(cherry picked from commit 394a6486d9e6aa9c4a0ebef3fe3c4f5ede63b50f)\n(cherry picked from https://android-review.googlesource.com/q/commit:fb5214798155bf7e5a14bf286a0f3725e69b23d1)\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:cbc6bbaa091a1217001817023e8859315b8ecc33)\nMerged-In: Id951f8710aff9f9a907f4fc56035533eb6f6b760\nChange-Id: Id951f8710aff9f9a907f4fc56035533eb6f6b760\n", "tree_diff": [ { "type": "delete", "old_id": "51c8ed3b7b8078f19acfae1a62128f0341de9af8", "old_mode": 33188, "old_path": "files/7c302982.0", "new_id": "0000000000000000000000000000000000000000", "new_mode": 0, "new_path": “/dev/null” }, { "type": "delete", "old_id": "50d9e26f58c54b30b45a6c05caed2a305ab87ecd", "old_mode": 33188, "old_path": "files/c2c1704e.0", "new_id": "0000000000000000000000000000000000000000", "new_mode": 0, "new_path": “/dev/null” }, { "type": "delete", "old_id": "e41f666be1771151cdc9eb80171995a05c71ca78", "old_mode": 33188, "old_path": "files/d0cddf45.0", "new_id": "0000000000000000000000000000000000000000", "new_mode": 0, "new_path": “/dev/null” } ] }
Related news
DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.