캐노니컬에서 12월 7일에 OpenSSL 에 대한 긴급 패치를 발표했습니다.
모든 우분투 버전에 해당하니 리눅스 민트도 해당합니다.
그러므로 하모니카도 해당합니다.
http://news.softpedia.com/news/canonical-patches-critical-openssl-vulnerabilities-in-all-supported-ubuntu-oses-497247.shtml
지금 업데이트 매니저를 실행 하시고, 업데이트 하세요
apt update
apt dist-upgrade -y
하셔도 좋습니다.
전체 업데이트를 원하지 않으신 경우에는,
$ sudo apt-get install openssl
명령으로 openssl만 업데이트 하실 수 있습니다.
설치 완료시 아래의 명령으로 현재 설치된 버전을 확인해 보실 수 있습니다.
$ openssl version
OpenSSL 1.0.1f 6 Jan 2014
$ sudo dpkg -l openssl 희망상태=알수없음(U)/설치(I)/지우기(R)/깨끗이(P)/고정(H) | 상태=아님(N)/설치(I)/설정(C)/풀림(U)/절반설정(F)/일부설치(H)/트리거대기(W)/ | / 트리거밀림(T) |/ 오류?=(없음)/다시설치필요(R) (상태, 오류가 대문자=불량) ||/ 이름 버전 Architecture 설명 ------------------------------------------------------- ii openssl 1.0.1f-1ubun amd64 Secure Sockets Layer toolkit - cr |
※ 버전이 1.0.1f 로 나오면 정상 업데이트된 결과입니다.
Copyright © 2023 invesume, Licensed under the Apache License, Version 2.0. HamoniKR and HamoniKR OS logo are trademarks of The Invesume, Inc.
※ 취약점 보고 전문 : http://www.ubuntu.com/usn/usn-2830-1/
USN-2830-1: OpenSSL vulnerabilities
USN-2830-1: OpenSSL vulnerabilities
Ubuntu Security Notice USN-2830-1
7th December, 2015
openssl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Summary
Several security issues were fixed in OpenSSL.
Software description
Details
Guy Leaver discovered that OpenSSL incorrectly handled a ServerKeyExchange
for an anonymous DH ciphersuite with the value of p set to 0. A remote
attacker could possibly use this issue to cause OpenSSL to crash, resulting
in a denial of service. This issue only applied to Ubuntu 15.10.
(CVE-2015-1794)
Hanno Böck discovered that the OpenSSL Montgomery squaring procedure
algorithm may produce incorrect results when being used on x86_64. A remote
attacker could possibly use this issue to break encryption. This issue only
applied to Ubuntu 15.10. (CVE-2015-3193)
Loïc Jonas Etienne discovered that OpenSSL incorrectly handled ASN.1
signatures with a missing PSS parameter. A remote attacker could possibly
use this issue to cause OpenSSL to crash, resulting in a denial of service.
(CVE-2015-3194)
Adam Langley discovered that OpenSSL incorrectly handled malformed
X509_ATTRIBUTE structures. A remote attacker could possibly use this issue
to cause OpenSSL to consume resources, resulting in a denial of service.
(CVE-2015-3195)
It was discovered that OpenSSL incorrectly handled PSK identity hints. A
remote attacker could possibly use this issue to cause OpenSSL to crash,
resulting in a denial of service. This issue only applied to Ubuntu 12.04
LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3196)
Update instructions
The problem can be corrected by updating your system to the following package version:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to reboot your computer to make
all the necessary changes.
References
CVE-2015-1794, CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196