RHSA-2015:0066: openssl security update vulnerability remediation
Software: 1.0.1e-16.el6_5.14
Match: openssl version less than 0:1.0.1e-30.el6_6.5
Path: /etc/pki/CA
Software: 1.0.1e-16.el6_5.14
Match: openssl-devel version less than 0:1.0.1e-30.el6_6.5
Path: /usr/include/openssl
Basic vulnerability information
CVE-2014-3570 (Medium), CVE-2014-3571 (Medium), CVE-2014-3572 (Medium), CVE-2014-8275 (Medium), CVE-2015-0204 (Medium), CVE-2015-0205 (Medium), CVE-2015-0206 (Medium)
Title: Unspecified vulnerability in OpenSSL
CVSS score: 5.0
CVSS: AV:N/AC:L/Au:N/C:P/I:N/A:N
Disclosure date: 2015-01-08 00:00:00
Exploit difficulty: INSUFFICIENT_INFO
PoC publication date: 2017-05-28 16:39:02
CVEID: CVE-2014-3570
Description:
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.
Fix commands:
yum update openssl
yum update openssl-devel
The commands above also apply to remediating the high-severity vulnerability RHSA-2015:0715: openssl security update.