nixCraft 或 19-Mar-2015: Security Advisory: twelve security fixes
- OpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291) – Severity: High
- Reclassified: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204) – Severity: High
- Multiblock corrupted pointer (CVE-2015-0290) – Severity: Moderate
- Segmentation fault in DTLSv1_listen (CVE-2015-0207) – Severity: Moderate
- Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286) – Severity: Moderate
- Segmentation fault for invalid PSS parameters (CVE-2015-0208) – Severity: Moderate
- ASN.1 structure reuse memory corruption (CVE-2015-0287) – Severity: Moderate
- PKCS7 NULL pointer dereferences (CVE-2015-0289) – Severity: Moderate
- Base64 decode (CVE-2015-0292) – Severity: Moderate
- DoS via reachable assert in SSLv2 servers (CVE-2015-0293) – Severity: Moderate
- Empty CKE with client auth and DHE (CVE-2015-1787) – Severity: Moderate
- Handshake with unseeded PRNG (CVE-2015-0285) – Severity: Low
- Use After Free following d2i_ECPrivatekey error (CVE-2015-0209) Severity: Low
- X509_to_X509_REQ NULL pointer deref (CVE-2015-0288) Severity: Low
意思就是說,你最好能夠升級到這些版本
19-Mar-2015: OpenSSL 1.0.2a is now available, including bug and security fixes 19-Mar-2015: OpenSSL 1.0.1m is now available, including bug and security fixes 19-Mar-2015: OpenSSL 1.0.0r is now available, including bug and security fixes 19-Mar-2015: OpenSSL 0.9.8zf is now available, including bug and security fixes
留言