/ 中存储网

RHSA-2015:0066: openssl security update漏洞解决处理方案

2018-04-13 13:50:46 来源:中存储

RHSA-2015:0066: openssl security update漏洞解决处理方案

软件: 1.0.1e-16.el6_5.14

命中: openssl version less than 0:1.0.1e-30.el6_6.5

路径: /etc/pki/CA

软件: 1.0.1e-16.el6_5.14

命中: openssl-devel version less than 0:1.0.1e-30.el6_6.5

路径: /usr/include/openssl

漏洞基本信息

CVE-2014-3570 中危CVE-2014-3571 中危CVE-2014-3572 中危CVE-2014-8275 中危CVE-2015-0204 中危CVE-2015-0205 中危CVE-2015-0206 中危

标题: OpenSSL存在未明漏洞

CVSS分值: 5.0

CVSS: AV:N/AC:L/Au:N/C:P/I:N/A:N

披露时间: 2015-01-08 00:00:00

利用难度: INSUFFICIENT_INFO

POC公开时间: 2017-05-28 16:39:02

CVEID: CVE-2014-3570

简介:

The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.

修复命令:

yum update openssl

yum update openssl-devel

以上命令同时适用于:RHSA-2015:0715: openssl security update 高危漏洞的处理。