openssl-1.0.1e-60.el7.1
Errata ID: AXSA:2017-1298:01
Release date:
2017/02/20 Monday - 17:05
Title:
openssl-1.0.1e-60.el7.1
Affected channels:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
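The following issues have been addressed.
[Security Fix]
- A denial of service flaw exists in the way the TLS/SSL protocol defines processing of ALERT packets during an OpenSSL connection handshake. A remote attacker can make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. (CVE-2016-8610)
- Information on CVE-2017-3731 has not been published at this time. This advisory will be updated as soon as the CVE information is published.
Some of the translated CVE descriptions are quoted from JVN.
http://jvndb.jvn.jp/
Solution:
Update the packages.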
CVE:
CVE-2016-8610
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.
CVE-2017-3731
If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For OpenSSL 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.
Additional information:
N/A
Downloads:
SRPMS
- openssl-1.0.1e-60.el7.1.src.rpm
MD5: e44f1e919aaf7388f04410900b9bcc4b
SHA-256: 9f234442722db1c1517e97ebc06fd4a480e2bf14b300b8885c9faf72711dd451
Size: 3.18 MB
Asianux Server 7 for x86_64
- openssl-1.0.1e-60.el7.1.x86_64.rpm
MD5: f1eb1676d4d78a6e6c83e5723d3b00b7
SHA-256: 753ad30b398516b9e6908bd43630b2d6cdc1a0cf91b8c28462b0024e96efbadd
Size: 712.48 kB
- openssl-devel-1.0.1e-60.el7.1.x86_64.rpm
MD5: 8558930ff9ea0e80ffbf96fe83489d81
SHA-256: 08ea882233428258545fbe3550e14adb0ff9a12f5a64ff5d608eda9f99d79ce9
Size: 1.18 MB
- openssl-libs-1.0.1e-60.el7.1.x86_64.rpm
MD5: 6c7c75bc63f68bf547594cef179b1319
SHA-256: ad255059f4a6ca9fdfd86491d5439a4f6546774dc1ad04355914a441f37be7c9
Size: 957.67 kB
- openssl-devel-1.0.1e-60.el7.1.i686.rpm
MD5: e3f16779ca09d55c9f79be9229fc67ae
SHA-256: b043075dfff2602e7d1266b09483c652c566d58ddfb257dd7a7ed83347a47531
Size: 1.18 MB
- openssl-libs-1.0.1e-60.el7.1.i686.rpm
MD5: 1a967f51158ec3091d0381f9a62e05ce
SHA-256: 8226c3ca7db838390db99cd1ccf899a891daef0056e979224252ad695afdff64
Size: 944.14 kB