九州ソフトウェアテスト勉強会Vol6
•
1 like•465 views
Report
Share
九州ソフトウェアテスト勉強会Vol6
- 4. 脆弱性とは?
- 8. OpenSSL Projectの発表内容 OpenSSL Security Advisory [07 Apr 2014] ======================================== ! TLS heartbeat read overrun (CVE-2014-0160) ========================================== ! A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server. ! Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including 1.0.1f and 1.0.2-beta1. ! Thanks for Neel Mehta of Google Security for discovering this bug and to Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for preparing the fix. ! Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS. ! 1.0.2 will be fixed in 1.0.2-beta2. ! ! https://www.openssl.org/news/secadv_20140407.txt
- 15. ご清聴ありがとうござい ました。