openssl 安全漏洞

新发现一个影响 Ubuntu 和其衍生版本的安全问题，影响的版本包括：

Ubuntu 14.04 LTS

Ubuntu 13.10

Ubuntu 12.10

Ubuntu 12.04 LTS

概括

OpenSSL 在接收到某些特殊的网络流量会导致崩溃。

软件描述

openssl - Secure Socket Layer (SSL) 加密库和工具

问题描述

It was discovered that OpenSSL incorrectly handled memory in the
ssl3_read_bytes() function. A remote attacker could use this issue to
possibly cause OpenSSL to crash, resulting in a denial of service.
(CVE-2010-5298)

It was discovered that OpenSSL incorrectly handled memory in the
do_ssl3_write() function. A remote attacker could use this issue to
possibly cause OpenSSL to crash, resulting in a denial of service.
(CVE-2014-0198)

更新方法

可通过更新系统到下列包版本来解决

Ubuntu 14.04 LTS:

libssl1.0.0 1.0.1f-1ubuntu2.1

Ubuntu 13.10:

libssl1.0.0 1.0.1e-3ubuntu1.3

Ubuntu 12.10:

libssl1.0.0 1.0.1c-3ubuntu2.8

Ubuntu 12.04 LTS:

libssl1.0.0 1.0.1-4ubuntu5.13

系统更新方法请看: https://wiki.ubuntu.com/Security/Upgrades.

做完标准系统更新后需要重启机器让改动生效。

References

CVE-2010-5298, CVE-2014-0198

文章转载自 开源中国社区[http://www.oschina.net]