openssl-1.0.1e-30.AXS4.9
エラータID: AXSA:2015-149:04
Release date:
Friday, June 5, 2015 - 16:17
Subject:
openssl-1.0.1e-30.AXS4.9
Affected Channels:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
Moderate
Description:
The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and
protocols.
Security issues fixed with this release:
CVE-2015-4000
Solution:
Update package.
CVEs:
CVE-2015-4000
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
Additional Info:
N/A
Download:
SRPMS
- openssl-1.0.1e-30.AXS4.9.src.rpm
MD5: 22b57df2a851105b200f3b2943b8a097
SHA-256: 24865d0cbe66dcba7e4aef505653e51d0b85ef9f734035c262d2e19281f74348
Size: 3.05 MB
Asianux Server 4 for x86
- openssl-1.0.1e-30.AXS4.9.i686.rpm
MD5: 534e859b3d7cb8ee26bcd9ce333c990c
SHA-256: faf27f233a646b8e90a3eae89b3a457b339a538c2a4c12541cada549d5eb82be
Size: 1.51 MB - openssl-devel-1.0.1e-30.AXS4.9.i686.rpm
MD5: 48cab1b50e1260224b39c0941a58b331
SHA-256: 05437a326a0f815812238b94225125c19da6e1ab9e324b266e91cd305b5d2ce5
Size: 1.17 MB
Asianux Server 4 for x86_64
- openssl-1.0.1e-30.AXS4.9.x86_64.rpm
MD5: 12d44a694b80be0a07671ed19a0db5bb
SHA-256: 1e56c719464654e2d8b7b14e1cd30262f536c24a16f72a1d0965f247c7081046
Size: 1.52 MB - openssl-devel-1.0.1e-30.AXS4.9.x86_64.rpm
MD5: 5179af8f428fa73f43c492b637349fd7
SHA-256: f7616e2f2a1c1730377d134738df715e5393d6470a5015ca24c94b24b27375a9
Size: 1.17 MB - openssl-1.0.1e-30.AXS4.9.i686.rpm
MD5: 534e859b3d7cb8ee26bcd9ce333c990c
SHA-256: faf27f233a646b8e90a3eae89b3a457b339a538c2a4c12541cada549d5eb82be
Size: 1.51 MB - openssl-devel-1.0.1e-30.AXS4.9.i686.rpm
MD5: 48cab1b50e1260224b39c0941a58b331
SHA-256: 05437a326a0f815812238b94225125c19da6e1ab9e324b266e91cd305b5d2ce5
Size: 1.17 MB