openssl-1.0.0-27.AXS4.2
エラータID: AXSA:2013-168:01
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.
Security issues fixed with this release:
• CVE-2012-4929
The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.
• CVE-2013-0166
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.
• CVE-2013-0169
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Update packages.
The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
N/A
SRPMS
- openssl-1.0.0-27.AXS4.2.src.rpm
MD5: 8969f729d2abac4e0e1465c4663cfc44
SHA-256: d2b11f12c5a93fd40ff23b0ca924e7fb414858749a510daf1548fabb23362292
Size: 3.28 MB
Asianux Server 4 for x86
- openssl-1.0.0-27.AXS4.2.i686.rpm
MD5: f10e1074f8431bdae02a2463b320608e
SHA-256: 898145eaa75b573d70e888ee8d32a18ccce239d69086b1020936824597ec0f75
Size: 1.37 MB - openssl-devel-1.0.0-27.AXS4.2.i686.rpm
MD5: c351bffa5933205c09912e10e46cc673
SHA-256: 8b859c6b0622dcf7c5d1e4f0e302ae11fa7b504e8868fbf0f951b8e75b3d9ffc
Size: 1.15 MB
Asianux Server 4 for x86_64
- openssl-1.0.0-27.AXS4.2.x86_64.rpm
MD5: 18fd2c96e8b355571570cd0b63f1715c
SHA-256: 873760b2fe2046aa98784e87cecaa934f96ae72da120118619299c6c6ecb2034
Size: 1.36 MB - openssl-devel-1.0.0-27.AXS4.2.x86_64.rpm
MD5: 5bab989dcd8c43527acc2d88568555b0
SHA-256: 5d49a155a204d54a0906f4a6b820e4966c30de1de98823e7c2ca41a16f40be40
Size: 1.15 MB - openssl-1.0.0-27.AXS4.2.i686.rpm
MD5: f10e1074f8431bdae02a2463b320608e
SHA-256: 898145eaa75b573d70e888ee8d32a18ccce239d69086b1020936824597ec0f75
Size: 1.37 MB - openssl-devel-1.0.0-27.AXS4.2.i686.rpm
MD5: c351bffa5933205c09912e10e46cc673
SHA-256: 8b859c6b0622dcf7c5d1e4f0e302ae11fa7b504e8868fbf0f951b8e75b3d9ffc
Size: 1.15 MB
日本語