xCAT/xcat-core
2
0
Fork 0
mirror of https://github.com/xcat2/xcat-core.git synced 2025-11-04 13:22:36 +00:00
Code Issues Releases Wiki Activity
Files
e1fdfcb8508bf65fd4177beb36cbfaf078013c49
xcat-core/docs/source/security/2016/20160115_openssl.rst
Victor Hu 844a52b292 Propose moving the security notices from the GitHub Wiki over 
to the documentation in ReadTheDocs so we can better organize
the wiki pages in Github
2016-05-06 10:26:09 -04:00

29 lines
1.0 KiB
ReStructuredText
Raw Blame History

2016-01-15 - OpenSSL Vulnerabilities (SLOTH)
============================================
A detailed description of this issue can be seen in the following blog posting: http://www.mitls.org/pages/attacks/SLOTH
Advisory CVEs
-------------
`CVE-2015-7575 <https://access.redhat.com/security/cve/CVE-2015-7575>`_ - TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH)
Action
------
xCAT uses OpenSSL for client-server communication but **does not** ship it.
It is highly recommended to keep your OpenSSL levels up-to-date with the indicated versions in the security bulletins to prevent any potential security threats. Obtain the updated software packages from your Operating system distribution channels.
Disable MD5 authentication in the cipher list using the site table keyword ``xcatsslciphers``.
1. Check if MD5 is already disabled: ``tabdump site | grep xcatssl``
2. If nothing is set, add ``ALL:!MD5`` to the cipher list: ``chtab key=xcatsslciphers site.value='ALL:!MD5'``
3. Restart xcat: ``service xcatd restart``
Reference in New Issue View Git Blame Copy Permalink