mirror of
https://github.com/xcat2/xcat-core.git
synced 2025-05-21 19:22:05 +00:00
28 lines
1.0 KiB
ReStructuredText
28 lines
1.0 KiB
ReStructuredText
2017-01-27 - OpenSSL Vulnerabilities
|
|
====================================
|
|
|
|
*Jan 26, 2017*, OpenSSL announced the following security advisories: https://www.openssl.org/news/secadv/20170126.txt
|
|
|
|
|
|
Advisory CVEs
|
|
-------------
|
|
|
|
* CVE-2017-3731 - **Truncated packet could crash via OOB read** (Severity:Moderate)
|
|
|
|
* CVE-2017-3730 - **Bad (EC)DHE parameters cause a client crash** (Severity: Moderate)
|
|
|
|
* CVE-2017-3732 - **BN_mod_exp may produce incorrect results on x86_64** (Severity: Moderate)
|
|
|
|
* CVE-2016-7055 - **Montgomery multiplication may produce incorrect results** (Severity: Low)
|
|
|
|
Please see the security bulletin above for patch, upgrade, or suggested work around information.
|
|
|
|
Action
|
|
------
|
|
|
|
xCAT uses OpenSSL for client-server communication but **does not** ship it.
|
|
|
|
It is highly recommended to keep your OpenSSL levels up-to-date with the indicated versions in the security bulletins to prevent any potential security threats. Obtain the updated software packages from your Operating system distribution channels.
|
|
|
|
|