mirror of
https://github.com/xcat2/xcat-core.git
synced 2025-10-31 19:32:31 +00:00
29 lines
877 B
ReStructuredText
29 lines
877 B
ReStructuredText
2016-01-28 - OpenSSL Vulnerabilities
|
|
====================================
|
|
|
|
*Jan 28, 2016* OpenSSL announced the following security advisories: https://mta.openssl.org/pipermail/openssl-announce/2016-January/000061.html
|
|
|
|
Advisory CVEs
|
|
-------------
|
|
|
|
* CVE-2016-0701 - **DH small subgroups** (Severity:High)
|
|
|
|
This issue affects OpenSSL version 1.0.2.
|
|
OpenSSL 1.0.2 users should upgrade to 1.0.2f
|
|
|
|
* CVE-2015-3197 - **SSLv2 doesn't block disabled ciphers** (Severity:Low)
|
|
|
|
This issue affects OpenSSL versions 1.0.2 and 1.0.1.
|
|
|
|
OpenSSL 1.0.2 users should upgrade to 1.0.2f
|
|
OpenSSL 1.0.1 users should upgrade to 1.0.1r
|
|
|
|
|
|
Action
|
|
------
|
|
|
|
xCAT uses OpenSSL for client-server communication but **does not** ship it.
|
|
|
|
It is recommended to keep your OpenSSL levels up-to-date with the indicated versions in the security bulletins to prevent any potential security threats.
|
|
|