March 13, 2012

[installer 3143] OpenSSL 0.9.8u, 1.0.0h

OpenSSL 0.9.8u and 1.0.0h have been released.

These are releases that fix security holes.
See
http://openssl.org/news/secadv_20120118.txt

☆ openssl-0.9.8u
http://www.openssl.org/

ftp://ftp.openssl.org/source/openssl-0.9.8u.tar.gz
http://www.openssl.org/source/openssl-0.9.8u.tar.gz

Changes between 0.9.8t and 0.9.8u [12 Mar 2012]

*) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
in CMS and PKCS7 code. When RSA decryption fails use a random key for
content decryption and always return the same error. Note: this attack
needs on average 2^20 messages so it only affects automated senders. The
old behaviour can be reenabled in the CMS code by setting the
CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where
an MMA defence is not necessary.
Thanks to Ivan Nestlerode <inestlerode@xxxxx> for discovering
this issue. (CVE-2012-0884)
[Steve Henson]

*) Fix CVE-2011-4619: make sure we really are receiving a
client hello before rejecting multiple SGC restarts. Thanks to
Ivan Nestlerode <inestlerode@xxxxx> for discovering this bug.
[Steve Henson]


☆ openssl-1.0.0h
http://www.openssl.org/
ftp://ftp.openssl.org/source/openssl-1.0.0h.tar.gz
http://www.openssl.org/source/openssl-1.0.0h.tar.gz

Changes between 1.0.0g and 1.0.0h [12 Mar 2012]

*) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
in CMS and PKCS7 code. When RSA decryption fails use a random key for
content decryption and always return the same error. Note: this attack
needs on average 2^20 messages so it only affects automated senders. The
old behaviour can be reenabled in the CMS code by setting the
CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where
an MMA defence is not necessary.
Thanks to Ivan Nestlerode <inestlerode@xxxxx> for discovering
this issue. (CVE-2012-0884)
[Steve Henson]

*) Fix CVE-2011-4619: make sure we really are receiving a
client hello before rejecting multiple SGC restarts. Thanks to
Ivan Nestlerode <inestlerode@xxxxx> for discovering this bug.
[Steve Henson]

----
こがよういちろう


Posted by xml-rpc : March 13, 2012 09:44
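
The countermeasure the changelog entries above describe for CVE-2012-0884 (when RSA decryption fails, carry on with a random key so every failure looks the same), sketched in C as an added example; it is not OpenSSL's code and not part of the original post. The names `select_cek` and `ct_is_zero`, and the assumption that the key length is known in advance, belong to this sketch only.

```c
#include <stddef.h>
#include <stdint.h>

/* All-ones mask if x == 0, else zero; no data-dependent branch. */
static uint32_t ct_is_zero(uint32_t x) {
    return (uint32_t)0 - (((~x) & (x - 1)) >> 31);
}

/*
 * em  : raw result of the RSA private-key operation (em_len = modulus size)
 * rnd : cek_len random bytes, drawn by the caller BEFORE looking at em
 * cek : output content-encryption key (length cek_len, assumed known)
 * Expected layout: 00 02 | PS (>= 8 non-zero bytes) | 00 | key (cek_len bytes)
 * No status is returned: a malformed block silently yields rnd, so the only
 * visible failure is the later content-decryption error, same in every case.
 */
void select_cek(const unsigned char *em, size_t em_len,
                const unsigned char *rnd, unsigned char *cek, size_t cek_len) {
    size_t i, sep;
    uint32_t good;
    unsigned char mask;

    if (em_len < cek_len + 11) {  /* lengths are public, branching is fine */
        for (i = 0; i < cek_len; i++) cek[i] = rnd[i];
        return;
    }
    sep = em_len - cek_len - 1;   /* index where the 00 separator must sit */
    good = ct_is_zero(em[0]) & ct_is_zero(em[1] ^ 0x02) & ct_is_zero(em[sep]);
    for (i = 2; i < sep; i++)     /* every padding byte must be non-zero */
        good &= ~ct_is_zero(em[i]);
    mask = (unsigned char)good;   /* 0xFF if padding is valid, else 0x00 */
    for (i = 0; i < cek_len; i++)
        cek[i] = (unsigned char)((em[sep + 1 + i] & mask) | (rnd[i] & ~mask));
}

int main(void) {
    /* Constructed sample: 16-byte block carrying a 4-byte key. */
    unsigned char em[16] = {0x00, 0x02, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16,
                            0x17, 0x18, 0x19, 0x00, 0xDE, 0xAD, 0xBE, 0xEF};
    /* Fixed here for the demo; real code takes these bytes from a CSPRNG. */
    unsigned char rnd[4] = {0xA1, 0xA2, 0xA3, 0xA4}, cek[4];
    select_cek(em, sizeof em, rnd, cek, sizeof cek);  /* valid: key from em */
    em[1] = 0x01;                                     /* corrupt the padding */
    select_cek(em, sizeof em, rnd, cek, sizeof cek);  /* invalid: cek = rnd */
    return cek[0] == 0xA1 ? 0 : 1;
}
```

Because the caller proceeds to content decryption with whatever key comes back, a sender probing with malformed RSA blocks gets the same error as one whose padding happened to be valid but whose key was wrong.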