openssl097a-0.9.7a-9.AXS3.2
Errata ID: AXSA:2010-157:01
Release date:
2010/03/26 Friday - 15:53
Title:
openssl097a-0.9.7a-9.AXS3.2
Affected channels:
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity:
High
Description:
The following issues have been addressed.
[Security Fix]
- A vulnerability exists in the renegotiation feature of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. (CVE-2009-3555)
The translated text of some CVEs is quoted from JVN.
http://jvndb.jvn.jp/
Solution:
Update the packages.
CVE:
CVE-2009-3555
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Additional information:
N/A
Download:
SRPMS
- openssl097a-0.9.7a-9.AXS3.2.src.rpm
MD5: 3d4171e0d12e4753a7057f1693f38b69
SHA-256: 8b3838f700a875cdcbd1395735e1d5c0b6de73019b6f0089e37991de8b93fa5e
Size: 2.65 MB
Asianux Server 3 for x86
- openssl097a-0.9.7a-9.AXS3.2.i386.rpm
MD5: dff31e1a3b630b8e5900e00f586b4a14
SHA-256: 145e8fd98600420c5c86d162708dae2c7701369a49032f50304d230ca3d1185d
Size: 822.52 kB
Asianux Server 3 for x86_64
- openssl097a-0.9.7a-9.AXS3.2.x86_64.rpm
MD5: 06d505e2fcad2727f894578131f6d041
SHA-256: 645f212543c368162a8468dcb822699d9da91b92b233d149b51a78d7ab114e48
Size: 823.75 kB