mirror of
https://github.com/xcat2/xcat-core.git
synced 2025-05-23 12:12:05 +00:00
b90fe27096
documentation so we can clean up the GitHub Wiki to remove security notices from that location. I think saving the last 2 years is sufficient and probably should get removed over time.
21 lines
876 B
ReStructuredText
21 lines
876 B
ReStructuredText
2015-03-12 - OpenSSL Vulnerabilities (FREAK)
|
|
=============================================
|
|
|
|
OpenSSL announced security fixes on 01/08/15 in the following bulletin: https://www-origin.openssl.org/news/secadv/20150108.txt
|
|
|
|
Advisory CVEs
|
|
-------------
|
|
|
|
* CVE-2015-0204 **RSA silently downgrades to EXPORT_RSA [Client]** (Severity: Low)
|
|
|
|
FREAK vulnerability CVE-2015-0204 is involved when 'RSA_EXPORT' ssl cipher suit is used in ssl server/client.
|
|
|
|
Action
|
|
------
|
|
|
|
xCAT does not use RSA_EXPORT ciphers for ssl communication by default. However, xCAT does allow user to choose the ciphers from the site.xcatsslciphers attribute.
|
|
|
|
Please make sure you do not put RSA_EXPORT related ciphers in this attribute.
|
|
|
|
It is recommended that you upgrade openssl to 1.0.1L and upper version for the fix of this problem. Please go to the os distribution to get the latest openssl package.
|