該漏洞主要透過讀取網路伺服器的記憶體竊取資料,由於OpenSSL是Linux內鍵就自帶的套件,故被認為是「災難性的漏洞」
身為MIS針對這麼嚴重的漏洞馬上就被客戶問到了,幸好早已有對策的解決方案,追隨Radhat找到官方的CVE報告,並找到2014年的CVE-2014-0160這項報告為Important
RadHat CVE-2014-0160
報告指出在RedHat6的基本上都中槍了,反倒是RedHat5是安全的
Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including
1.0.1f and 1.0.2-beta1.
若是在RedHat6的話需要升級到OpenSSL 1.0.1g
在CentOS6也馬上釋出了CVE-2014-0160
CentOS CVE-2014-0160
也有提供OpenSSL的升級檔
i386:
58ac5c57e0bcc3a34434973244ddb5eaf1323ef4ff1341f8ad78ec722a794238
openssl-1.0.1e-16.el6_5.4.0.1.centos.i686.rpm
b4413e3509647ca7ad2d9d3eb7d53b367b7ea0d43a0d3553c9e517fdfc0a81a7
openssl-devel-1.0.1e-16.el6_5.4.0.1.centos.i686.rpm
12e4456c9c9783fb08794d6a96b5aba4ee28d146b836d626cd1c6b073710d62a
openssl-perl-1.0.1e-16.el6_5.4.0.1.centos.i686.rpm
8fbf30e0e237a772417013e81144715d7422fcb585e58adba9635164e3598f4e
openssl-static-1.0.1e-16.el6_5.4.0.1.centos.i686.rpm
x86_64:
58ac5c57e0bcc3a34434973244ddb5eaf1323ef4ff1341f8ad78ec722a794238
openssl-1.0.1e-16.el6_5.4.0.1.centos.i686.rpm
80d3f839551280bec1aafaacbaddde6b4112c5d64ed4f5ecd2cb3974785319c0
openssl-1.0.1e-16.el6_5.4.0.1.centos.x86_64.rpm
b4413e3509647ca7ad2d9d3eb7d53b367b7ea0d43a0d3553c9e517fdfc0a81a7
openssl-devel-1.0.1e-16.el6_5.4.0.1.centos.i686.rpm
fc146768d01e92c1dca6b8fffc2b272e62ee7e30c8004e64aa6c5a62707d8d30
openssl-devel-1.0.1e-16.el6_5.4.0.1.centos.x86_64.rpm
8a91c231fe0b021613f784bac7d31e9468a2b286f75afb0276e8b4fe33020092
openssl-perl-1.0.1e-16.el6_5.4.0.1.centos.x86_64.rpm
fa2d68756a47d41ee227dcdc3de878c8f4edfb1d7b17b4b96027c991406aa4ee
openssl-static-1.0.1e-16.el6_5.4.0.1.centos.x86_64.rpm
沒有留言:
張貼留言