openssl - now available, including bug and security fixes

nixCraft 或 19-Mar-2015: Security Advisory: twelve security fixes

  1. OpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291) – Severity: High
  2. Reclassified: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204) – Severity: High
  3. Multiblock corrupted pointer (CVE-2015-0290) – Severity: Moderate
  4. Segmentation fault in DTLSv1_listen (CVE-2015-0207) – Severity: Moderate
  5. Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286) – Severity: Moderate
  6. Segmentation fault for invalid PSS parameters (CVE-2015-0208) – Severity: Moderate
  7. ASN.1 structure reuse memory corruption (CVE-2015-0287) – Severity: Moderate
  8. PKCS7 NULL pointer dereferences (CVE-2015-0289) – Severity: Moderate
  9. Base64 decode (CVE-2015-0292) – Severity: Moderate
  10. DoS via reachable assert in SSLv2 servers (CVE-2015-0293) – Severity: Moderate
  11. Empty CKE with client auth and DHE (CVE-2015-1787) – Severity: Moderate
  12. Handshake with unseeded PRNG (CVE-2015-0285) – Severity: Low
  13. Use After Free following d2i_ECPrivatekey error (CVE-2015-0209) Severity: Low
  14. X509_to_X509_REQ NULL pointer deref (CVE-2015-0288) Severity: Low

意思就是說,你最好能夠升級到這些版本

19-Mar-2015:	   OpenSSL 1.0.2a is now available, including bug and security fixes
19-Mar-2015:	   OpenSSL 1.0.1m is now available, including bug and security fixes
19-Mar-2015:	   OpenSSL 1.0.0r is now available, including bug and security fixes
19-Mar-2015:	   OpenSSL 0.9.8zf is now available, including bug and security fixes
Related posts 相關文章
用 DNSSEC 是為了安全,但如果憑證過期了怎麼辦
More...
使用 dehydrated 安裝 Let’s Encrypt SSL 憑證
More...
使用 certbot 安裝 Let’s Encrypt SSL 憑證
More...
該更新 OpenSSL,一個高風險、七個中等風險的漏洞
More...

作者

留言

撰寫回覆或留言

發佈留言必須填寫的電子郵件地址不會公開。