Add security bulletin files

2025-05-29 17:23:08 +00:00 · 2017-01-31 16:41:15 -05:00 · 2017-01-31 16:41:15 -05:00 · ff2c6351af
commit ff2c6351af
parent 19f6e8d242
2 changed files with 34 additions and 0 deletions
--- a/docs/source/security/2017/20170126_openssl.rst
+++ b/docs/source/security/2017/20170126_openssl.rst
@ -0,0 +1,27 @@
+2017-01-27 - OpenSSL Vulnerabilities
+====================================
+
+*Jan 26, 2017*, OpenSSL announced the following security advisories: https://www.openssl.org/news/secadv/20170126.txt
+
+
+Advisory CVEs
+-------------
+
+* CVE-2017-3731 - **Truncated packet could crash via OOB read** (Severity:Moderate)
+
+* CVE-2017-3730 - **Bad (EC)DHE parameters cause a client crash** (Severity: Moderate)
+
+* CVE-2017-3732 - **BN_mod_exp may produce incorrect results on x86_64** (Severity: Moderate)
+
+* CVE-2016-7055 - **Montgomery multiplication may produce incorrect results** (Severity: Low)
+
+Please see the security bulletin above for patch, upgrade, or suggested work around information.
+
+Action
+------
+
+xCAT uses OpenSSL for client-server communication but **does not** ship it.  
+
+It is highly recommended to keep your OpenSSL levels up-to-date with the indicated versions in the security bulletins to prevent any potential security threats. Obtain the updated software packages from your Operating system distribution channels. 
+
+
--- a/docs/source/security/2017/index.rst
+++ b/docs/source/security/2017/index.rst
@ -0,0 +1,7 @@
+2017 Notices 
+============
+
+.. toctree::
+   :maxdepth: 1
+
+   20170126_openssl.rst