728x90
Encrypt-Then-Mac renegotiation crash (CVE-2017-3733) ==================================================== Severity: High During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL to crash (dependent on ciphersuite). Both clients and servers are affected. OpenSSL 1.1.0 users should upgrade to 1.1.0e This issue does not affect OpenSSL version 1.0.2. This issue was reported to OpenSSL on 31st January 2017 by Joe Orton (Red Hat). The fix was developed by Matt Caswell of the OpenSSL development team. Note ==== Support for version 1.0.1 ended on 31st December 2016. Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates. References ========== URL for this Security Advisory: https://www.openssl.org/news/secadv/20170216.txt Note: the online version of the advisory may be updated with additional details over time. For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html
728x90
'취약점 정보2' 카테고리의 다른 글
OpenSSL 신규 취약점 보안 업데이트 권고 (0) | 2017.02.20 |
---|---|
CiSCO 제품군 다중 취약점 보안 업데이트 권고 (0) | 2017.02.17 |
금주 취약점 정리 (0) | 2017.02.17 |
Apache Brooklyn 다중취약점 (0) | 2017.02.16 |
Adobe 제품군 보안 업데이트 권고 (0) | 2017.02.15 |