ELSA-2015-1072

Published: 04 Jun 2015
Source: oracle-oval
Platform: Oracle Linux 6
Platform: Oracle Linux 7

Description

ELSA-2015-1072: openssl security update (MODERATE)

[1.0.1e-30.9]

  • fix CVE-2015-4000 - prevent the logjam attack on client - restrict the DH key size to at least 768 bits (limit will be increased in future)

Updated packages

Oracle Linux 6

Oracle Linux x86_64

  • openssl: 1.0.1e-30.el6_6.9
  • openssl-devel: 1.0.1e-30.el6_6.9
  • openssl-perl: 1.0.1e-30.el6_6.9
  • openssl-static: 1.0.1e-30.el6_6.9

Oracle Linux i686

  • openssl: 1.0.1e-30.el6_6.9
  • openssl-devel: 1.0.1e-30.el6_6.9
  • openssl-perl: 1.0.1e-30.el6_6.9
  • openssl-static: 1.0.1e-30.el6_6.9

Oracle Linux 7

Oracle Linux x86_64

  • openssl: 1.0.1e-42.el7_1.6
  • openssl-devel: 1.0.1e-42.el7_1.6
  • openssl-libs: 1.0.1e-42.el7_1.6
  • openssl-perl: 1.0.1e-42.el7_1.6
  • openssl-static: 1.0.1e-42.el7_1.6

Related CVEs

Related vulnerabilities

CVSS3: 3.7
ubuntu
about 10 years ago

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

CVSS3: 3.7
redhat
about 10 years ago

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

CVSS3: 3.7
nvd
about 10 years ago

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

CVSS3: 3.7
debian
about 10 years ago

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is ena ...

suse-cvrf
almost 9 years ago

Security update for libtcnative-1-0