2016-01-28 - OpenSSL Vulnerabilities¶
Jan 28, 2016 OpenSSL announced the following security advisories: https://mta.openssl.org/pipermail/openssl-announce/2016-January/000061.html
Advisory CVEs¶
CVE-2016-0701 - DH small subgroups (Severity:High)
This issue affects OpenSSL version 1.0.2. OpenSSL 1.0.2 users should upgrade to 1.0.2f
CVE-2015-3197 - SSLv2 doesn’t block disabled ciphers (Severity:Low)
This issue affects OpenSSL versions 1.0.2 and 1.0.1.
OpenSSL 1.0.2 users should upgrade to 1.0.2f OpenSSL 1.0.1 users should upgrade to 1.0.1r
Action¶
xCAT uses OpenSSL for client-server communication but does not ship it.
It is recommended to keep your OpenSSL levels up-to-date with the indicated versions in the security bulletins to prevent any potential security threats.