From ff2c6351af0ae672770dbaf7a81a61e7b2dfb7c7 Mon Sep 17 00:00:00 2001 From: Victor Hu Date: Tue, 31 Jan 2017 16:41:15 -0500 Subject: [PATCH] Add security bulletin files --- .../source/security/2017/20170126_openssl.rst | 27 +++++++++++++++++++ docs/source/security/2017/index.rst | 7 +++++ 2 files changed, 34 insertions(+) create mode 100644 docs/source/security/2017/20170126_openssl.rst create mode 100644 docs/source/security/2017/index.rst diff --git a/docs/source/security/2017/20170126_openssl.rst b/docs/source/security/2017/20170126_openssl.rst new file mode 100644 index 000000000..037ad97cb --- /dev/null +++ b/docs/source/security/2017/20170126_openssl.rst @@ -0,0 +1,27 @@ +2017-01-27 - OpenSSL Vulnerabilities +==================================== + +*Jan 26, 2017*, OpenSSL announced the following security advisories: https://www.openssl.org/news/secadv/20170126.txt + + +Advisory CVEs +------------- + +* CVE-2017-3731 - **Truncated packet could crash via OOB read** (Severity:Moderate) + +* CVE-2017-3730 - **Bad (EC)DHE parameters cause a client crash** (Severity: Moderate) + +* CVE-2017-3732 - **BN_mod_exp may produce incorrect results on x86_64** (Severity: Moderate) + +* CVE-2016-7055 - **Montgomery multiplication may produce incorrect results** (Severity: Low) + +Please see the security bulletin above for patch, upgrade, or suggested work around information. + +Action +------ + +xCAT uses OpenSSL for client-server communication but **does not** ship it. + +It is highly recommended to keep your OpenSSL levels up-to-date with the indicated versions in the security bulletins to prevent any potential security threats. Obtain the updated software packages from your Operating system distribution channels. + + diff --git a/docs/source/security/2017/index.rst b/docs/source/security/2017/index.rst new file mode 100644 index 000000000..7c5b764ff --- /dev/null +++ b/docs/source/security/2017/index.rst @@ -0,0 +1,7 @@ +2017 Notices +============ + +.. toctree:: + :maxdepth: 1 + + 20170126_openssl.rst