openssl-1.0.1e-42.AXS4.4
Errata ID: AXSA:2016-119:02
The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and
protocols.
Security issues fixed with this release:
CVE-2015-3197
ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f
does not prevent use of disabled ciphers, which makes it easier for
man-in-the-middle attackers to defeat cryptographic protection
mechanisms by performing computations on SSLv2 traffic, related to the
get_client_master_key and get_client_hello functions.
CVE-2016-0702
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-0705
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-0797
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-0800
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
Update packages.
CVE-2015-3197
ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions.
CVE-2016-0702
The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack.
CVE-2016-0705
Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
CVE-2016-0797
Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.
CVE-2016-0800
The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack.
SRPMS
- openssl-1.0.1e-42.AXS4.4.src.rpm
MD5: e764f6313985437a0cfba0315bcc185a
SHA-256: 70e8790ef0fa6581a9318194a238ee3293f70e4aca0198eb798d79a8f377602b
Size: 3.07 MB
Asianux Server 4 for x86
- openssl-1.0.1e-42.AXS4.4.i686.rpm
MD5: 663d90bf0b4be493d849d4683c3bc029
SHA-256: 00c947d4df885dd0e7a512f396a3e4896e2bdf538e8fe3f87e9b8c3e145c9caa
Size: 1.51 MB
- openssl-devel-1.0.1e-42.AXS4.4.i686.rpm
MD5: 8074b387ea4dcfad707176c1b8d1b934
SHA-256: a5696957bec47594d9a160e5bc2336891a9543a16fdec591b217759f5d52a741
Size: 1.17 MB
Asianux Server 4 for x86_64
- openssl-1.0.1e-42.AXS4.4.x86_64.rpm
MD5: 2c6f9d85965896cbce410b21de29383c
SHA-256: 247f8fcf80d15e33335efb2986ff631d20d309253d6475c3e18fa4f4c2084bd4
Size: 1.52 MB
- openssl-devel-1.0.1e-42.AXS4.4.x86_64.rpm
MD5: de6ffcac5e560004a2621311c0059cff
SHA-256: 3ac7a06101ce6ee6690fbf44bb8704c18a9560b74b3866bd9df6233d2c661ce1
Size: 1.17 MB
- openssl-1.0.1e-42.AXS4.4.i686.rpm
MD5: 663d90bf0b4be493d849d4683c3bc029
SHA-256: 00c947d4df885dd0e7a512f396a3e4896e2bdf538e8fe3f87e9b8c3e145c9caa
Size: 1.51 MB
- openssl-devel-1.0.1e-42.AXS4.4.i686.rpm
MD5: 8074b387ea4dcfad707176c1b8d1b934
SHA-256: a5696957bec47594d9a160e5bc2336891a9543a16fdec591b217759f5d52a741
Size: 1.17 MB