2018-04-13 13:50:46
来 源
中存储
阿里云
RHSA-2015:0066: openssl security update漏洞解决处理方案, OpenSSL存在未明漏洞,可用修复命令:yum update openssl和yum update openssl-devel。

RHSA-2015:0066: openssl security update漏洞解决处理方案

软件: 1.0.1e-16.el6_5.14

命中: openssl version less than 0:1.0.1e-30.el6_6.5

路径: /etc/pki/CA

软件: 1.0.1e-16.el6_5.14

命中: openssl-devel version less than 0:1.0.1e-30.el6_6.5

路径: /usr/include/openssl

漏洞基本信息

CVE-2014-3570 中危CVE-2014-3571 中危CVE-2014-3572 中危CVE-2014-8275 中危CVE-2015-0204 中危CVE-2015-0205 中危CVE-2015-0206 中危

标题: OpenSSL存在未明漏洞

CVSS分值: 5.0

CVSS: AV:N/AC:L/Au:N/C:P/I:N/A:N

披露时间: 2015-01-08 00:00:00

利用难度: INSUFFICIENT_INFO

POC公开时间: 2017-05-28 16:39:02

CVEID: CVE-2014-3570

简介:

The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.

修复命令:

yum update openssl

yum update openssl-devel

以上命令同时适用于:RHSA-2015:0715: openssl security update 高危漏洞的处理。

声明: 此文观点不代表本站立场;转载须要保留原文链接;版权疑问请联系我们。