xCAT/xcat-core
2
0
Fork 0
mirror of https://github.com/xcat2/xcat-core.git synced 2025-10-31 19:32:31 +00:00
Code Issues Releases Wiki Activity
Files
8d92211f810ca281f9e537e033a420a6884eb0d2
xcat-core/docs/source/security/2015/20150312_openssl.rst
Mark Gurevich a50f3710f7 Doc spelling and gramma fixes
2016-10-25 15:31:20 -04:00

21 lines
862 B
ReStructuredText
Raw Blame History

2015-03-12 - OpenSSL Vulnerabilities (FREAK)
=============================================
OpenSSL announced security fixes on 01/08/15 in the following bulletin: https://www-origin.openssl.org/news/secadv/20150108.txt
Advisory CVEs
-------------
* CVE-2015-0204 **RSA silently downgrades to EXPORT_RSA [Client]** (Severity: Low)
FREAK vulnerability CVE-2015-0204 is involved when 'RSA_EXPORT' ssl cipher suit is used in ssl server/client.
Action
------
xCAT does not use RSA_EXPORT ciphers for ssl communication by default. However, xCAT does allow user to choose the ciphers from the site.xcatsslciphers attribute.
Make sure you do not put RSA_EXPORT related ciphers in this attribute.
It is recommended that you upgrade openssl to 1.0.1L and upper version for the fix of this problem. Go to the os distribution to get the latest openssl package.
Reference in New Issue View Git Blame Copy Permalink