OpenSSL Timing Attack RSA Private Key Information Disclosure Vulnerability

Published: 2003-03-14
Updated: 2003-04-02

Affected systems:
OpenSSL Project OpenSSL 0.9.7a
OpenSSL Project OpenSSL 0.9.7
OpenSSL Project OpenSSL 0.9.6i
OpenSSL Project OpenSSL 0.9.6h
OpenSSL Project OpenSSL 0.9.6g
OpenSSL Project OpenSSL 0.9.6e
OpenSSL Project OpenSSL 0.9.6d
OpenSSL Project OpenSSL 0.9.6c
OpenSSL Project OpenSSL 0.9.6a
OpenSSL Project OpenSSL 0.9.6
OpenPKG OpenPKG Current
OpenPKG OpenPKG 1.2
OpenPKG OpenPKG 1.1
Stunnel Stunnel 4.04
Stunnel Stunnel 4.03
Stunnel Stunnel 4.02
Stunnel Stunnel 4.01
Stunnel Stunnel 4.0
Stunnel Stunnel 3.9
Stunnel Stunnel 3.8
Stunnel Stunnel 3.22
Stunnel Stunnel 3.21
Stunnel Stunnel 3.20
Stunnel Stunnel 3.18
Stunnel Stunnel 3.17
Stunnel Stunnel 3.16
Stunnel Stunnel 3.15
Stunnel Stunnel 3.14
Stunnel Stunnel 3.13
Stunnel Stunnel 3.12
Stunnel Stunnel 3.11
Stunnel Stunnel 3.10
OpenSSL Project OpenSSL 0.9.6b
    - Conectiva Linux 7.0
    - Mandrake Linux 8.1
    - NetBSD 1.5.3
    - NetBSD 1.5.2
    - NetBSD 1.5.1
    - NetBSD 1.5
    - OpenBSD 3.1
    - OpenBSD 3.0
    - RedHat Linux 7.3
    - RedHat Linux 7.2
    - SuSE Linux 7.3
Stunnel Stunnel 3.19
    - Debian Linux 2.2
    - FreeBSD 4.2
    - FreeBSD 4.1
    - FreeBSD 4.0
    - Microsoft Windows 98
    - Microsoft Windows 2000 SP3
    - OpenBSD 2.8
    - OpenBSD 2.7
    - OpenBSD 2.6
    - OpenBSD 2.5
    - OpenBSD 2.4
    - OpenBSD 2.3
    - OpenBSD 2.2
    - OpenBSD 2.1
    - OpenBSD 2.0
    - RedHat Linux 7.2
    - Sun Solaris 8.0
Description:
BUGTRAQ  ID: 7101
CVE(CAN) ID: CVE-2003-0147

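OpenSSL is an open-source SSL implementation that provides strong encryption for network communications and is now widely used in all kinds of network applications.

The OpenSSL implementation is vulnerable to a classic timing attack, which a remote attacker can exploit to obtain RSA private key information.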

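Timing attacks are generally used against weak computing devices such as smart cards. In OpenSSL, some timing-sensitive operations performed during session key negotiation between client and server are vulnerable, which can allow a malicious client to obtain the RSA private key information of the target server.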
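
The patch further down this page responds to this attack by switching on RSA blinding (RSA_FLAG_BLINDING). The following is an added example, not OpenSSL code and not part of the original advisory, showing what blinding does arithmetically: the private exponentiation runs on c * r^E mod N instead of the client's c, yet the result is unchanged. The toy key, the function names and the caller-supplied r are assumptions made for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy RSA key constructed for this example (N = 61 * 53); never use sizes like this. */
static const uint64_t N = 3233, E = 17, D = 2753;

static uint64_t mulmod(uint64_t a, uint64_t b) { return (a % N) * (b % N) % N; }

static uint64_t powmod(uint64_t base, uint64_t exp) {
    uint64_t r = 1;
    for (base %= N; exp; exp >>= 1) {
        if (exp & 1) r = mulmod(r, base);
        base = mulmod(base, base);
    }
    return r;
}

/* Modular inverse of a mod N by extended Euclid; 0 means "no inverse". */
static uint64_t invmod(uint64_t a) {
    int64_t t = 0, nt = 1, r = (int64_t)N, nr = (int64_t)(a % N);
    while (nr != 0) {
        int64_t q = r / nr, tmp;
        tmp = t - q * nt; t = nt; nt = tmp;
        tmp = r - q * nr; r = nr; nr = tmp;
    }
    if (r != 1) return 0;
    return (uint64_t)(t < 0 ? t + (int64_t)N : t);
}

/* Unblinded private operation: the exponentiation runs on the caller's c itself. */
long rsa_private_plain(uint64_t c) { return (long)powmod(c, D); }

/* Operand that reaches the exponentiation once c is blinded with r: c * r^E mod N. */
uint64_t blind(uint64_t c, uint64_t r) { return mulmod(c, powmod(r, E)); }

/* Blinded private operation. In real use r is a fresh random value per call;
 * it is a parameter here only so the demo is reproducible. Returns -1 if r has
 * no inverse mod N (the caller would draw another r). */
long rsa_private_blinded(uint64_t c, uint64_t r) {
    uint64_t r_inv = invmod(r);
    if (r_inv == 0) return -1;
    uint64_t m_times_r = powmod(blind(c, r), D);   /* (c * r^E)^D = m * r mod N */
    return (long)mulmod(m_times_r, r_inv);         /* strip r to recover m */
}

int main(void) {
    uint64_t c = powmod(65, E);                    /* constructed ciphertext of m = 65 */
    printf("plain : operand=%llu m=%ld\n", (unsigned long long)c, rsa_private_plain(c));
    printf("r = 7 : operand=%llu m=%ld\n", (unsigned long long)blind(c, 7), rsa_private_blinded(c, 7));
    printf("r = 11: operand=%llu m=%ld\n", (unsigned long long)blind(c, 11), rsa_private_blinded(c, 11));
    return 0;
}
```

Because the operand changes with every r, timing measurements taken by the client no longer correspond to the ciphertext it chose.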

For a detailed analysis, see:

http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html

<*Source: David Brumley and Dan Boneh.
  
  Link: http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html
        ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-005.txt.asc
        http://www.linux-mandrake.com/en/security/2003/2003-035.php
        https://www.redhat.com/support/errata/RHSA-2003-101.html
        ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt
*>

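Recommendations:
Temporary workaround:

If you cannot install the patch or upgrade immediately, NSFOCUS recommends taking the following measures to reduce the threat:

* A third-party patch follows: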

Index: crypto/rsa/rsa_eay.c
===================================================================
RCS file: /e/openssl/cvs/openssl/crypto/rsa/rsa_eay.c,v
retrieving revision 1.28.2.3
diff -u -r1.28.2.3 rsa_eay.c
--- crypto/rsa/rsa_eay.c 30 Jan 2003 17:37:46 -0000 1.28.2.3
+++ crypto/rsa/rsa_eay.c 16 Mar 2003 10:34:13 -0000
@@ -195,6 +195,25 @@
return(r);
}

+static int rsa_eay_blinding(RSA *rsa, BN_CTX *ctx)
+ {
+ int ret = 1;
+ CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+ /* Check again inside the lock - the macro's check is racey */
+ if(rsa->blinding == NULL)
+ ret = RSA_blinding_on(rsa, ctx);
+ CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
+ return ret;
+ }
+
+#define BLINDING_HELPER(rsa, ctx, err_instr) + do { + if(((rsa)->flags & RSA_FLAG_BLINDING) && + ((rsa)->blinding == NULL) && + !rsa_eay_blinding(rsa, ctx)) + err_instr + } while(0)
+
/* signing */
static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
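Review bot: BLINDING_HELPER tests (rsa)->blinding == NULL before CRYPTO_LOCK_RSA is taken, and only rsa_eay_blinding() repeats the test under the lock, so the fast path rests on an unlocked read of a pointer that another thread may be writing at that moment. The comment in rsa_eay_blinding() already calls the macro's check racy; either document there why a stale read is harmless, or drop the unlocked test from the macro and always go through the locked helper when RSA_FLAG_BLINDING is set.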
@@ -239,8 +258,8 @@
goto err;
}

- if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
- RSA_blinding_on(rsa,ctx);
+ BLINDING_HELPER(rsa, ctx, goto err;);
+
if (rsa->flags & RSA_FLAG_BLINDING)
if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;

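Review bot: in the context lines right after the new BLINDING_HELPER call, BN_BLINDING_convert(&f,rsa->blinding,ctx) still runs outside CRYPTO_LOCK_RSA, so the lock introduced by this patch covers only the creation of rsa->blinding and not its use. If one RSA object can be shared between threads, the patch should state how concurrent use of the single blinding structure is kept safe, or take the lock around that call as well.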
@@ -318,8 +337,8 @@
goto err;
}

- if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
- RSA_blinding_on(rsa,ctx);
+ BLINDING_HELPER(rsa, ctx, goto err;);
+
if (rsa->flags & RSA_FLAG_BLINDING)
if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;

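Review bot: the call BLINDING_HELPER(rsa, ctx, goto err;); passes a statement as a macro argument, which hides the jump to err from anyone reading this function and from tools that search for the label. Since rsa_eay_blinding() already returns int, the call site could test the flag and the helper's result in a plain if and write goto err itself; the same applies to the identical call in the previous hunk.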
Index: crypto/rsa/rsa_lib.c
===================================================================
RCS file: /e/openssl/cvs/openssl/crypto/rsa/rsa_lib.c,v
retrieving revision 1.30.2.2
diff -u -r1.30.2.2 rsa_lib.c
--- crypto/rsa/rsa_lib.c 30 Jan 2003 17:37:46 -0000 1.30.2.2
+++ crypto/rsa/rsa_lib.c 16 Mar 2003 10:34:13 -0000
@@ -72,7 +72,13 @@

RSA *RSA_new(void)
{
- return(RSA_new_method(NULL));
+ RSA *r=RSA_new_method(NULL);
+
+#ifndef OPENSSL_NO_FORCE_RSA_BLINDING
+ r->flags|=RSA_FLAG_BLINDING;
+#endif
+
+ return r;
}

void RSA_set_default_method(const RSA_METHOD *meth)
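Review bot: in RSA_new(), r->flags|=RSA_FLAG_BLINDING dereferences the result of RSA_new_method(NULL) without a NULL check, so a failed allocation would crash here instead of reaching the caller as a NULL return. Guard the assignment with if (r != NULL). It is also worth documenting that the flag is set only in RSA_new(), so objects obtained by calling RSA_new_method() directly do not get blinding by default, and that OPENSSL_NO_FORCE_RSA_BLINDING has no comment saying when turning the default off is acceptable.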

Vendor patches:

Caldera
-------
Caldera has released a security advisory (CSSA-2003-014.0) and corresponding patches for this issue:
CSSA-2003-014.0: Linux: several recently discovered openssl vulnerabilities
Link: ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt

Patch downloads:

SCO Patch openssl-devel-0.9.6-21.i386.rpm
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-014.0/RPMS/openssl-devel-0.9.6-21.i386.rpm

SCO Patch openssl-devel-static-0.9.6-21.i386.rpm
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-014.0/RPMS/openssl-devel-static-0.9.6-21.i386.rpm

SCO Patch openssl-devel-static-0.9.6-21.i386.rpm
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-014.0/RPMS/openssl-devel-static-0.9.6-21.i386.rpm

SCO Patch openssl-devel-static-0.9.6-21.i386.rpm
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-014.0/RPMS/openssl-devel-static-0.9.6-21.i386.rpm

SCO Patch openssl-devel-static-0.9.6-21.i386.rpm
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-014.0/RPMS/openssl-devel-static-0.9.6-21.i386.rpm

SCO Patch openssl-0.9.6-21.i386.rpm
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-014.0/RPMS/openssl-0.9.6-21.i386.rpm

SCO Patch openssl-0.9.6-21.i386.rpm
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-014.0/RPMS/openssl-0.9.6-21.i386.rpm

SCO Patch openssl-0.9.6-21.i386.rpm
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-014.0/RPMS/openssl-0.9.6-21.i386.rpm

SCO Patch openssl-0.9.6-21.i386.rpm
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-014.0/RPMS/openssl-0.9.6-21.i386.rpm

SCO Patch openssl-devel-0.9.6-21.i386.rpm
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-014.0/RPMS/openssl-devel-0.9.6-21.i386.rpm

SCO Patch openssl-devel-0.9.6-21.i386.rpm
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-014.0/RPMS/openssl-devel-0.9.6-21.i386.rpm

SCO Patch openssl-devel-0.9.6-21.i386.rpm
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-014.0/RPMS/openssl-devel-0.9.6-21.i386.rpm

MandrakeSoft
------------
MandrakeSoft has released a security advisory (MDKSA-2003:035) and corresponding patches for this issue:
MDKSA-2003:035: Updated openssl packages fix RSA-related insecurities
Link: http://www.linux-mandrake.com/en/security/2003/2003-035.php

Patch downloads:

Updated Packages:

Corporate Server 2.1:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/RPMS/openssl-0.9.6i-1.4mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/RPMS/libopenssl0-0.9.6i-1.4mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/RPMS/libopenssl0-devel-0.9.6i-1.4mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/RPMS/libopenssl0-static-devel-0.9.6i-1.4mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/SRPMS/openssl-0.9.6i-1.4mdk.src.rpm

Linux-Mandrake 7.2:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.2/RPMS/openssl-0.9.5a-9.5mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.2/RPMS/openssl-devel-0.9.5a-9.5mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.2/SRPMS/openssl-0.9.5a-9.5mdk.src.rpm

Mandrake Linux 8.0:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.0/RPMS/openssl-0.9.6i-1.3mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.0/RPMS/openssl-devel-0.9.6i-1.3mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.0/SRPMS/openssl-0.9.6i-1.3mdk.src.rpm

Mandrake Linux 8.0/PPC:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.0/RPMS/openssl-0.9.6i-1.3mdk.ppc.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.0/RPMS/openssl-devel-0.9.6i-1.3mdk.ppc.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.0/SRPMS/openssl-0.9.6i-1.3mdk.src.rpm

Mandrake Linux 8.1:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/RPMS/openssl-0.9.6i-1.4mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/RPMS/libopenssl0-0.9.6i-1.4mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/RPMS/libopenssl0-devel-0.9.6i-1.4mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/RPMS/libopenssl0-static-devel-0.9.6i-1.4mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/SRPMS/openssl-0.9.6i-1.4mdk.src.rpm

Mandrake Linux 8.1/IA64:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ia64/8.1/RPMS/openssl-0.9.6i-1.4mdk.ia64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ia64/8.1/RPMS/libopenssl0-0.9.6i-1.4mdk.ia64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ia64/8.1/RPMS/libopenssl0-devel-0.9.6i-1.4mdk.ia64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ia64/8.1/RPMS/libopenssl0-static-devel-0.9.6i-1.4mdk.ia64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ia64/8.1/SRPMS/openssl-0.9.6i-1.4mdk.src.rpm

Mandrake Linux 8.2:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/RPMS/openssl-0.9.6i-1.4mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/RPMS/libopenssl0-0.9.6i-1.4mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/RPMS/libopenssl0-devel-0.9.6i-1.4mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/RPMS/libopenssl0-static-devel-0.9.6i-1.4mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/SRPMS/openssl-0.9.6i-1.4mdk.src.rpm

Mandrake Linux 8.2/PPC:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.2/RPMS/openssl-0.9.6i-1.4mdk.ppc.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.2/RPMS/libopenssl0-0.9.6i-1.4mdk.ppc.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.2/RPMS/libopenssl0-devel-0.9.6i-1.4mdk.ppc.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.2/RPMS/libopenssl0-static-devel-0.9.6i-1.4mdk.ppc.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.2/SRPMS/openssl-0.9.6i-1.4mdk.src.rpm

Mandrake Linux 9.0:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/RPMS/openssl-0.9.6i-1.4mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/RPMS/libopenssl0-0.9.6i-1.4mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/RPMS/libopenssl0-devel-0.9.6i-1.4mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/RPMS/libopenssl0-static-devel-0.9.6i-1.4mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/SRPMS/openssl-0.9.6i-1.4mdk.src.rpm

Mandrake Linux 9.1:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/RPMS/openssl-0.9.7a-1.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/RPMS/libopenssl0-0.9.6i-1.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/RPMS/libopenssl0.9.7-0.9.7a-1.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/RPMS/libopenssl0.9.7-devel-0.9.7a-1.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/RPMS/libopenssl0.9.7-static-devel-0.9.7a-1.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/SRPMS/openssl-0.9.7a-1.1mdk.src.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/SRPMS/openssl0.9.6-0.9.6i-1.1mdk.src.rpm

Mandrake Linux 9.1/PPC:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/9.1/RPMS/openssl-0.9.7a-1.1mdk.ppc.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/9.1/RPMS/libopenssl0-0.9.6i-1.1mdk.ppc.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/9.1/RPMS/libopenssl0.9.7-0.9.7a-1.1mdk.ppc.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/9.1/RPMS/libopenssl0.9.7-devel-0.9.7a-1.1mdk.ppc.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/9.1/RPMS/libopenssl0.9.7-static-devel-0.9.7a-1.1mdk.ppc.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/9.1/SRPMS/openssl-0.9.7a-1.1mdk.src.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/9.1/SRPMS/openssl0.9.6-0.9.6i-1.1mdk.src.rpm

Multi Network Firewall 8.2:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/mnf8.2/RPMS/openssl-0.9.6i-1.4mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/mnf8.2/RPMS/libopenssl0-0.9.6i-1.4mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/mnf8.2/SRPMS/openssl-0.9.6i-1.4mdk.src.rpm

Single Network Firewall 7.2:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/snf7.2/RPMS/openssl-0.9.5a-9.5mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/snf7.2/SRPMS/openssl-0.9.5a-9.5mdk.src.rpm

The updated packages above can also be downloaded from any of the mirror FTP servers listed at:
http://www.mandrakesecure.net/en/ftp.php

RedHat
------
RedHat has released a security advisory (RHSA-2003:101-01) and corresponding patches for this issue:
RHSA-2003:101-01: Updated OpenSSL packages fix vulnerabilities
Link: https://www.redhat.com/support/errata/RHSA-2003-101.html

Patch downloads:

Red Hat Linux 6.2:

SRPMS:
ftp://updates.redhat.com/6.2/en/os/SRPMS/openssl-0.9.5a-33.src.rpm

i386:
ftp://updates.redhat.com/6.2/en/os/i386/openssl-0.9.5a-33.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/openssl-devel-0.9.5a-33.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/openssl-perl-0.9.5a-33.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/openssl-python-0.9.5a-33.i386.rpm

Red Hat Linux 7.0:

SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/openssl095a-0.9.5a-20.7.src.rpm
ftp://updates.redhat.com/7.0/en/os/SRPMS/openssl-0.9.6-16.src.rpm

i386:
ftp://updates.redhat.com/7.0/en/os/i386/openssl095a-0.9.5a-20.7.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/openssl-0.9.6-16.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/openssl-devel-0.9.6-16.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/openssl-perl-0.9.6-16.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/openssl-python-0.9.6-16.i386.rpm

Red Hat Linux 7.1:

SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/openssl095a-0.9.5a-20.7.src.rpm
ftp://updates.redhat.com/7.1/en/os/SRPMS/openssl-0.9.6-16.src.rpm

i386:
ftp://updates.redhat.com/7.1/en/os/i386/openssl095a-0.9.5a-20.7.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/openssl-0.9.6-16.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/openssl-devel-0.9.6-16.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/openssl-perl-0.9.6-16.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/openssl-python-0.9.6-16.i386.rpm

Red Hat Linux 7.2:

SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/openssl095a-0.9.5a-20.7.src.rpm
ftp://updates.redhat.com/7.2/en/os/SRPMS/openssl096-0.9.6-16.7.src.rpm
ftp://updates.redhat.com/7.2/en/os/SRPMS/openssl-0.9.6b-32.7.src.rpm

i386:
ftp://updates.redhat.com/7.2/en/os/i386/openssl095a-0.9.5a-20.7.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/openssl096-0.9.6-16.7.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/openssl-0.9.6b-32.7.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/openssl-devel-0.9.6b-32.7.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/openssl-perl-0.9.6b-32.7.i386.rpm

i686:
ftp://updates.redhat.com/7.2/en/os/i686/openssl-0.9.6b-32.7.i686.rpm

ia64:
ftp://updates.redhat.com/7.2/en/os/ia64/openssl095a-0.9.5a-20.7.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/openssl096-0.9.6-16.7.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/openssl-0.9.6b-32.7.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/openssl-devel-0.9.6b-32.7.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/openssl-perl-0.9.6b-32.7.ia64.rpm

Red Hat Linux 7.3:

SRPMS:
ftp://updates.redhat.com/7.3/en/os/SRPMS/openssl095a-0.9.5a-20.7.src.rpm
ftp://updates.redhat.com/7.3/en/os/SRPMS/openssl096-0.9.6-16.7.src.rpm
ftp://updates.redhat.com/7.3/en/os/SRPMS/openssl-0.9.6b-32.7.src.rpm

i386:
ftp://updates.redhat.com/7.3/en/os/i386/openssl095a-0.9.5a-20.7.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/openssl096-0.9.6-16.7.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/openssl-0.9.6b-32.7.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/openssl-devel-0.9.6b-32.7.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/openssl-perl-0.9.6b-32.7.i386.rpm

i686:
ftp://updates.redhat.com/7.3/en/os/i686/openssl-0.9.6b-32.7.i686.rpm

Red Hat Linux 8.0:

SRPMS:
ftp://updates.redhat.com/8.0/en/os/SRPMS/openssl095a-0.9.5a-21.src.rpm
ftp://updates.redhat.com/8.0/en/os/SRPMS/openssl096-0.9.6-16.8.src.rpm
ftp://updates.redhat.com/8.0/en/os/SRPMS/openssl-0.9.6b-33.src.rpm

i386:
ftp://updates.redhat.com/8.0/en/os/i386/openssl095a-0.9.5a-21.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/openssl096-0.9.6-16.8.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/openssl-0.9.6b-33.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/openssl-devel-0.9.6b-33.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/openssl-perl-0.9.6b-33.i386.rpm

i686:
ftp://updates.redhat.com/8.0/en/os/i686/openssl-0.9.6b-33.i686.rpm

Red Hat Linux 9:

SRPMS:
ftp://updates.redhat.com/9/en/os/SRPMS/openssl096-0.9.6-17.src.rpm
ftp://updates.redhat.com/9/en/os/SRPMS/openssl096b-0.9.6b-6.src.rpm
ftp://updates.redhat.com/9/en/os/SRPMS/openssl-0.9.7a-5.src.rpm

i386:
ftp://updates.redhat.com/9/en/os/i386/openssl096-0.9.6-17.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/openssl096b-0.9.6b-6.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/openssl-0.9.7a-5.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/openssl-devel-0.9.7a-5.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/openssl-perl-0.9.7a-5.i386.rpm

i686:
ftp://updates.redhat.com/9/en/os/i686/openssl-0.9.7a-5.i686.rpm

The patches can be installed with the following command:

rpm -Fvh [filename]

OpenPKG
-------
The vendor has released upgrade patches that fix this security issue; download them from the vendor's home page:

OpenPKG OpenPKG Current:

OpenPKG Upgrade apache-1.3.27-20030318.src.rpm
ftp://ftp.openpkg.org/current/SRC/apache-1.3.27-20030318.src.rpm

OpenPKG OpenPKG 1.1:

OpenPKG Upgrade apache-1.3.26-1.1.4.src.rpm
ftp://ftp.openpkg.org/release/1.1/UPD/apache-1.3.26-1.1.4.src.rpm

OpenPKG OpenPKG 1.2:

OpenPKG Upgrade apache-1.3.27-1.2.2.src.rpm
ftp://ftp.openpkg.org/release/1.2/UPD/apache-1.3.27-1.2.2.src.rpm

Stunnel
-------
The vendor has released upgrade patches that fix this security issue; download them from the vendor's home page:

Stunnel Patch blinding-3.x_bri.patch
http://www.stunnel.org/patches/desc/blinding-3.x_bri.html

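This vulnerability entry was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.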