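OpenSSL security vulnerabilities
A newly discovered security issue affects Ubuntu and its derivatives. The affected versions include:
Ubuntu 14.04 LTS
Ubuntu 13.10
Ubuntu 12.10
Ubuntu 12.04 LTS
Summary
OpenSSL crashes when it receives certain special network traffic.
Software description
openssl - Secure Socket Layer (SSL) cryptographic library and tools
Details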
It was discovered that OpenSSL incorrectly handled memory in the
ssl3_read_bytes() function. A remote attacker could use this issue to
possibly cause OpenSSL to crash, resulting in a denial of service.
(CVE-2010-5298)
do_ssl3_write() function. A remote attacker could use this issue to
(CVE-2014-0198)
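Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS:
libssl1.0.0 1.0.1f-1ubuntu2.1
Ubuntu 13.10:
libssl1.0.0 1.0.1e-3ubuntu1.3
Ubuntu 12.10:
libssl1.0.0 1.0.1c-3ubuntu2.8
Ubuntu 12.04 LTS:
libssl1.0.0 1.0.1-4ubuntu5.13
After a standard system update you need to reboot the machine for the changes to take effect.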
References
CVE-2010-5298, CVE-2014-0198