: Log in!

メインメニュー
Google


ウェブ 検索
サイト内検索
トップ  >  Linux14歩  >  2014-01-08 openssl(source)のupdate
20140108 openssl-1.0.1fにupdateしました


OpenSSL CHANGES

Changes between 1.0.1e and 1.0.1f [6 Jan 2014]

. Fix for TLS record tampering bug. A carefully crafted invalid 
  handshake could crash OpenSSL with a NULL pointer exception.
  Thanks to Anton Johansson for reporting this issues.
  (CVE-2013-4353)

. Keep original DTLS digest and encryption contexts in retransmission
  structures so we can use the previous session parameters if they 
  need to be resent. (CVE-2013-6450)
  [Steve Henson]

. Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which
  avoids preferring ECDHE-ECDSA ciphers when the client appears to be
  Safari on OS X.  Safari on OS X 10.8..10.8.3 advertises support for
  several ECDHE-ECDSA ciphers, but fails to negotiate them.  The bug
  is fixed in OS X 10.8.4, but Apple have ruled out both hot fixing
  10.8..10.8.3 and forcing users to upgrade to 10.8.4 or newer.
  [Rob Stradling, Adam Langley]
投票数:25 平均点:4.00
前
2014-01-04 phpmyadminのupdate
カテゴリートップ
Linux14歩
次
2014-01-09 phpmyadminのupdate