受影响系统:
OpenSSL Project OpenSSL < 0.9.8d
OpenSSL Project OpenSSL < 0.9.7l
不受影响系统:
OpenSSL Project OpenSSL 0.9.8d
OpenSSL Project OpenSSL 0.9.7l
描述:
BUGTRAQ ID: 20247
CVE(CAN) ID: CVE-2006-2940
OpenSSL是一种开放源码的SSL实现,用来实现网络通信的高强度加密,现在被广泛地用于各种网络应用程序中。
OpenSSL在处理某些类型的公钥时可能会耗费不适当的时间,允许攻击者导致拒绝服务。
建议:
厂商补丁:
Debian
------
Debian已经为此发布了一个安全公告(DSA-1195-1)以及相应补丁:
DSA-1195-1:new openssl096 packages fix denial of service
链接:http://www.debian.org/security/2005/dsa-1195
补丁下载:
Source archives:
http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m-1sarge4.diff.gz
Size/MD5 checksum: 21115 9019caf796eb866f24d5949503b1cdb5
http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m.orig.tar.gz
Size/MD5 checksum: 2184918 1b63bfdca1c37837dddde9f1623498f9
http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m-1sarge4.dsc
Size/MD5 checksum: 617 7d60c6c3ecdf502734068ab2a8b32118
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_alpha.deb
Size/MD5 checksum: 1966534 9f78dcc0f9685641a7fc3d927370d819
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_amd64.deb
Size/MD5 checksum: 578632 f1574a0058e85cb0e2c6cff996530c97
arm architecture (ARM)
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_arm.deb
Size/MD5 checksum: 519304 66fa4a65d803f0115dd80d5359944a2d
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_hppa.deb
Size/MD5 checksum: 587946 353d46f3351d5a19dfdaf22f605fc627
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_i386.deb
Size/MD5 checksum: 1756270 2747688d91dfe1cd00430a74bdef6265
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_ia64.deb
Size/MD5 checksum: 815662 45a5b6503ed631149fea28b37a980e21
m68k architecture (Motorola Mc680x0)
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_m68k.deb
Size/MD5 checksum: 477288 da4ddff773fd7d6af0604363719b368a
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_mips.deb
Size/MD5 checksum: 577284 d2bf3c9d86dbba15bbb9d1cb93a6fc51
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_mipsel.deb
Size/MD5 checksum: 569246 75d69f033f833b7928a8ca521efb95ea
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_powerpc.deb
Size/MD5 checksum: 582928 72be71aae8b781ca5a7b1d1b2e738541
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_s390.deb
Size/MD5 checksum: 602874 e671b41d37d34b7d2055eaca112be269
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_sparc.deb
Size/MD5 checksum: 1460162 acfb3e17f005c32268fa1def17ea884b
补丁安装方法:
1. 手工安装补丁包:
首先,使用下面的命令来下载补丁软件:
# wget url (url是补丁下载链接地址)
然后,使用下面的命令来安装补丁:
# dpkg -i file.deb (file是相应的补丁名)
2. 使用apt-get自动安装补丁包:
首先,使用下面的命令更新内部数据库:
# apt-get update
然后,使用下面的命令安装更新软件包:
# apt-get upgrade
FreeBSD
-------
FreeBSD已经为此发布了一个安全公告(FreeBSD-SA-06:23)以及相应补丁:
FreeBSD-SA-06:23:Multiple problems in crypto(3)
链接:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:23.openssl.asc
补丁下载:
执行以下步骤之一:
1) 将有漏洞的系统升级到4-STABLE, 5-STABLE或6-STABLE,或修改日期之后的RELENG_6_1, RELENG_6_0, RELENG_5_5, RELENG_5_4, RELENG_5_3或RELENG_4_11安全版本.
2) 为当前系统打补丁:
以下补丁确认可应用于FreeBSD 4.11, 5.3, 5.4, 5.5, 6.0和6.1系统.
a) 从以下位置下载相关补丁,并使用PGP工具验证附带的PGP签名.
# fetch http://security.FreeBSD.org/patches/SA-06:23/openssl.patch
# fetch http://security.FreeBSD.org/patches/SA-06:23/openssl.patch.asc
b) 以root执行以下命令:
# cd /usr/src
# patch < /path/to/patch
c) 如<URL: http://www.freebsd.org/handbook/makeworld.html> 所述重新编译并重启系统.
OpenSSL Project
---------------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://www.openssl.org/source/openssl-0.9.7l.tar.gz
http://www.openssl.org/source/openssl-0.9.8d.tar.gz
RedHat
------
RedHat已经为此发布了一个安全公告(RHSA-2006:0695-01)以及相应补丁:
RHSA-2006:0695-01:Important: openssl security update
链接:http://lwn.net/Alerts/201933
SGI
---
SGI已经为此发布了一个安全公告(20061001-01-P)以及相应补丁:
20061001-01-P:SGI Advanced Linux Environment 3 Security Update #64
链接:ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
Sun
---
Sun已经为此发布了一个安全公告(Sun-Alert-102668)以及相应补丁:
Sun-Alert-102668:Security Vulnerabilities In OpenSSL Affect Sun Grid Engine 5.3 and N1 Grid Engine 6.0
链接:http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-102668-1
Gentoo
------
Gentoo已经为此发布了一个安全公告(GLSA-200610-11)以及相应补丁:
GLSA-200610-11:OpenSSL: Multiple vulnerabilities
链接:http://security.gentoo.org/glsa/glsa-200610-11.xml
所有OpenSSL 0.9.8用户都应升级到最新版本:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"
所有OpenSSL 0.9.7用户都应升级到最新版本:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"
|
网友评论:(只显示最新10条。评论内容只代表网友观点,与本站立场无关!)