mirror of
https://github.com/xcat2/xcat-core.git
synced 2025-05-22 03:32:04 +00:00
21 lines
858 B
ReStructuredText
21 lines
858 B
ReStructuredText
2015-03-12 - OpenSSL Vulnerabilities (FREAK)
|
|
=============================================
|
|
|
|
OpenSSL announced security fixes on 01/08/15 in the following bulletin: https://www-origin.openssl.org/news/secadv/20150108.txt
|
|
|
|
Advisory CVEs
|
|
-------------
|
|
|
|
* CVE-2015-0204 **RSA silently downgrades to EXPORT_RSA [Client]** (Severity: Low)
|
|
|
|
FREAK vulnerability CVE-2015-0204 is involved when 'RSA_EXPORT' ssl cipher suit is used in ssl server/client.
|
|
|
|
Action
|
|
------
|
|
|
|
xCAT does not use RSA_EXPORT ciphers for ssl communication by default. However, xCAT does allow user to choose the ciphers from the site.xcatsslciphers attribute.
|
|
|
|
Make sure you do not put RSA_EXPORT related ciphers in this attribute.
|
|
|
|
It is recommended that you upgrade openssl to 1.0.1L and upper version for the fix of this problem. Go to the os distribution to get the latest openssl package.
|