JPCERT-AT-2016-0038
JPCERT/CC
2016-09-28
<<< JPCERT/CC Alert 2016-09-28 >>>
Alert regarding vulnerability (CVE-2016-6309) in OpenSSL
https://www.jpcert.or.jp/english/at/2016/at160038.html
I. Overview
OpenSSL provided by the OpenSSL project contains a vulnerability
(CVE-2016-6309). A remote attacker who sends a specially crafted
message exploiting this vulnerability may execute arbitrary code or
cause a denial-of-service on the server where OpenSSL is running.
For more information on the impacts of this vulnerability, please
refer to the information provided by the OpenSSL Project.
OpenSSL Project
OpenSSL Security Advisory [26 Sep 2016]
https://www.openssl.org/news/secadv/20160926.txt
This vulnerability originates in the patch (1.1.0a) released by the
OpenSSL Project on September 22, 2016 for a vulnerability (CVE-2016-6307).
Thus, only installations to which this patch (1.1.0a) was applied are affected.
If you are using an affected version, it is recommended to address
the issue as soon as possible by referring to the information in
"III. Solution".
II. Affected Software
The following version is affected by this vulnerability:
- OpenSSL 1.1.0a
III. Solution
The OpenSSL Project has released a version of OpenSSL to address
this vulnerability. Please consider applying the update after thorough
testing.
- OpenSSL 1.1.0b
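The following check is an added example, not part of the original alert or of OpenSSL itself. It classifies an OpenSSL build against the affected version (1.1.0a) and the fixed version (1.1.0b) named above, given either `openssl version` banner text or a pre-3.0 OPENSSL_VERSION_NUMBER value. The function names, status labels and sample inputs are assumptions made for illustration.

```python
import re
import ssl

AFFECTED = (1, 1, 0, "a")  # OpenSSL 1.1.0a, per "II. Affected Software"
FIXED = (1, 1, 0, "b")     # OpenSSL 1.1.0b, per "III. Solution"

def decode_version_number(num):
    """Decode a pre-3.0 OPENSSL_VERSION_NUMBER (layout 0xMNNFFPPS)."""
    major = (num >> 28) & 0xF
    minor = (num >> 20) & 0xFF
    fix = (num >> 12) & 0xFF
    patch = (num >> 4) & 0xFF
    # Patch level 1..26 is printed as the letter suffix a..z.
    letter = chr(ord("a") + patch - 1) if 1 <= patch <= 26 else ""
    return (major, minor, fix, letter)

def parse_banner(banner):
    """Parse `openssl version` style text; None if it is not OpenSSL."""
    m = re.match(r"OpenSSL (\d+)\.(\d+)\.(\d+)([a-z]*)", banner)
    if m is None:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4))

def classify(version):
    """Map a (major, minor, fix, letter) tuple to its status in this alert."""
    if version is None:
        return "unknown"      # not recognisable as an OpenSSL version
    if version == AFFECTED:
        return "affected"     # update to 1.1.0b
    if version == FIXED:
        return "fixed"
    return "not-listed"       # not named as affected by this alert

# Constructed sample inputs (not taken from any real host).
SAMPLE_BANNERS = ["OpenSSL 1.1.0a  22 Sep 2016", "OpenSSL 1.1.0b  26 Sep 2016",
                  "LibreSSL 2.4.2"]
SAMPLE_NUMBERS = [0x1010001F, 0x1010002F]

if __name__ == "__main__":
    # The library this Python interpreter is linked against.
    print(ssl.OPENSSL_VERSION, "->", classify(parse_banner(ssl.OPENSSL_VERSION)))
    for banner in SAMPLE_BANNERS:
        print(banner, "->", classify(parse_banner(banner)))
    for number in SAMPLE_NUMBERS:
        print(hex(number), "->", classify(decode_version_number(number)))
```

The banner check covers only the library that the queried binary or interpreter is linked against; statically linked or bundled copies of OpenSSL need to be checked separately.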
IV. References
JVNVU#99474230
Multiple vulnerabilities in OpenSSL (Japanese)
https://jvn.jp/vu/JVNVU99474230/
US-CERT
OpenSSL Releases Security Updates
https://www.us-cert.gov/ncas/current-activity/2016/09/23/OpenSSL-Releases-Security-Updates
If you have any information regarding this alert, please contact
JPCERT/CC.
======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: +81-3-3518-4600 FAX: +81-3-3518-4602
https://www.jpcert.or.jp/english/