openssl-1.0.1e-16.AXS4.7
エラータID: AXSA:2014-245:02
リリース日:
2014/04/10 Thursday - 13:39
題名:
openssl-1.0.1e-16.AXS4.7
影響のあるチャネル:
Asianux Server 4 for x86
Asianux Server 4 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- OpenSSL の (1) TLS と (2) DTLS 実装は適切に Heartbeat 拡張パケットを扱っておらず,バッファーオーバーリードを引き起こす巧妙に細工されたパケットによって,リモートの攻撃者がプロセスメモリから機密情報を得る脆弱性があります。(CVE-2014-0160)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2014-0160
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
追加情報:
N/A
ダウンロード:
SRPMS
- openssl-1.0.1e-16.AXS4.7.src.rpm
MD5: 73307504094588d52d36beb6fd496f29
SHA-256: c468379beccbf3b45c50eb8923d507fe053316df5abfb71c85053e407eef7f03
Size: 2.98 MB
Asianux Server 4 for x86
- openssl-1.0.1e-16.AXS4.7.i686.rpm
MD5: 3378b76c687b8e38cfa4394c3e70230d
SHA-256: 3a2eb04227bbed184398099b06a82bf277e1c2c7bc067b075abdfd6b9891c72e
Size: 1.50 MB - openssl-devel-1.0.1e-16.AXS4.7.i686.rpm
MD5: dfeae39acde48f212b1b65c6cf88d7fa
SHA-256: 1fbea7312d3e2a47e3ae977afeb7932cd431da6f551a6cb9de9d98ac27d512c2
Size: 1.16 MB
Asianux Server 4 for x86_64
- openssl-1.0.1e-16.AXS4.7.x86_64.rpm
MD5: 4f6d54d2e912de4b1a77330bf73a01e1
SHA-256: b361eba2affb6734a5072cfedf929bd7c5d4c76f20b5eac51812e1ca60d0b7d7
Size: 1.50 MB - openssl-devel-1.0.1e-16.AXS4.7.x86_64.rpm
MD5: 657f2a355a6bac87b9ea275678171618
SHA-256: ce35622a8937ca3cd1f70360c4916d946374cf5b4e2ec388ec0652b628922d70
Size: 1.16 MB - openssl-1.0.1e-16.AXS4.7.i686.rpm
MD5: 3378b76c687b8e38cfa4394c3e70230d
SHA-256: 3a2eb04227bbed184398099b06a82bf277e1c2c7bc067b075abdfd6b9891c72e
Size: 1.50 MB - openssl-devel-1.0.1e-16.AXS4.7.i686.rpm
MD5: dfeae39acde48f212b1b65c6cf88d7fa
SHA-256: 1fbea7312d3e2a47e3ae977afeb7932cd431da6f551a6cb9de9d98ac27d512c2
Size: 1.16 MB