drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in OpenSSL
Name: |
Zwei Probleme in OpenSSL |
|
ID: |
201601-05 |
|
Distribution: |
Gentoo |
|
Plattformen: |
Keine Angabe |
|
Datum: |
Sa, 30. Januar 2016, 09:34 |
|
Referenzen: |
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3197
http://openssl.org/news/secadv/20160128.txt
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0701 |
|
Applikationen: |
OpenSSL |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --et13TnvidemUXtfFDIQkR3pAKpL0AsFE6 Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201601-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: January 29, 2016 Bugs: #572854 ID: 201601-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis ========
Multiple vulnerabilities have been found in OpenSSL, allowing remote attackers to disclose sensitive information and complete weak handshakes.
Background ==========
OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.
Affected packages =================
------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/openssl < 1.0.2f >= 1.0.2f
Description ===========
Multiple vulnerabilities have been discovered in OpenSSL. Please review the upstream advisory and CVE identifiers referenced below for details.
Impact ======
A remote attacker could disclose a server's private DH exponent, or complete SSLv2 handshakes using ciphers that have been disabled on the server.
Workaround ==========
There is no known workaround at this time.
Resolution ==========
All OpenSSL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2f"
References ==========
[ 1 ] CVE-2015-3197 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3197 [ 2 ] CVE-2016-0701 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0701 [ 3 ] OpenSSL Security Advisory [28th Jan 2016] http://openssl.org/news/secadv/20160128.txt
Availability ============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201601-05
Concerns? =========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License =======
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--et13TnvidemUXtfFDIQkR3pAKpL0AsFE6 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQIcBAEBCAAGBQJWq/jnAAoJEFc90n/Ha1ljH9IQAI224Nicg9Ll9LWt04rS1izV GlAwVH04GRwq3wVMbOTxw9GrcVGjioO+MhfL7GmNHG4HQULuFHM/l0gSvzJCedai +loo64SoEZMIBfrf884ab5ugpY0GzAgINSeSripESvZXpemEXd7Vd5dUvFNZSye8 OW6GHsl4El0QQJr+JYm6AJjnovmMKAYbKbtvawzdRyAeufIkTfehnQ9mWAUCwy80 krrVx4lECctyVw3vbembQJB/3Ddk9hggXWIpHZ1cJEppASyMZH7vUzlRm2uxV0yF a5vfbweEWwk4c9MIjvYy/oHKfxDAC+IlrpOK/XCqixMiUM2m2qV1ZAoruuoSxAhE /qGDC0Gvosnj0tWrgyVmwJJw8v5RM4VJ17OS+nKaKgXN5Oo9GdYvmEnCwHKEcQSP 2kPTQ/mLEfCRUlOlzLG/7Aw5IK/rS0NU3GPWarhyVAk/YXsSRI8SpWAc1v2s7ZEk SOkn5h04NEAdSZncIrFIxho95q6b4jlTlAShXXBtam+08IlyjebEMDF9Jv83Z53Y fWBmOXG9ff2DzSPi5pVV4iIueF6kd05vqkqYgzGpDblvtCF4xxorAUazQLn0gSpD fu0XUKN+I4klcPLY5+ebEbY/WPpiZYWwbENdEPIxoTEY8F6UiflCDOFbaAp4tx9l MfDx1LfFd5CS8Ez6UTh2 =htJC -----END PGP SIGNATURE-----
--et13TnvidemUXtfFDIQkR3pAKpL0AsFE6--
|
|
|
|