- Subject: [upki-fed:00836] OpenSSL$B$N@H
- Date: Thu, 12 Jun 2014 17:33:51 +0900
- From: $B9qN)>pJs3X8&5f=j!!3XG';vL36I!!LnED(B <xxxxxxxxxxxxxx@xxxxxxxxx>
$B3F0L(B
$B!!9qN)>pJs3X8&5f=j!!3XG';vL36I$G$9!#(B
$BJ?AG$h$j3XG'$N;v6H$K$46(NO$r;r$j$^$7$F!$$"$j$,$H$&$4$6$$$^$9!#(B
OpenSSL Project$B$h$j(BOpenSSL$B$K4X$9$kJ#?t$N@Hl9g$O!"(BMan-in-the-Middle (MITM)$B96(B
$B7b$K$h$k0E9fDL?.$NFbMF$,O31L!&2~cb$5$l$k2DG=@-$,;XE&$5$l$F$$$^$9!#(B
CVE-2014-0224$B$G$O%/%i%$%"%s%H$H%5!<%P$,$H$b$K%P%0$,B8:_$9$k%P!<%8%g%s$G(B
$B1F6A$re!$Ev3:@Hl9g$O!$B.$d(B
$B$+$K%"%C%W%G!<%H$r9T$C$F$$$?$@$/$3$H$r$*$9$9$a$$$?$7$^$9!#(B
$B"#1F6A$rl9g$K$O!"$9$G$K(B
$B%"%C%W%G!<%H%Q%C%1!<%8$,Ds6!$5$l$F$$$^$9!#%Q%C%1!<%8$N%"%C%W%G!<%H8e(B
$B$K!"%5!<%P$N:F5/F0$^$?$O(Bhttpd, shibd$B$J$I$N3Fhttp://lists.centos.org/pipermail/centos-announce/2014-June/020349.html
$B!!"((B openssl-0.9.8e-27.el5_10.3 $B$,K\@Hhttp://lists.centos.org/pipermail/centos-announce/2014-June/020344.html
$B!!"((B openssl-1.0.1e-16.el6_5.14 $B$,K\@Hl9g$G$bK\@HpJs$r$43NG'$$(B
$B$?$@$/$3$H$r$*$9$9$a$$$?$7$^$9!#(B
$B"#%"%C%W%G!<%HJ}K!(B(Windows)
Windows$BMQ$N(BShibboleth SP$B%Q%C%1!<%8$O(BOpenSSL$B$r%Q%C%1!<%8FbIt$K4^$s$G$$(B
$B$k$?$a!"(BShibboleth SP 2.5.3$B%Q%C%1!<%8$X$N%Q%C%AE,MQ$,I,MW$G$9!#(B
$B!!!!%"%I%P%$%6%j$r$43NG'$N>e!"%Q%C%A$NE,MQ$r9T$C$F$/$@$5$$!#(B
$B!!!!(BShibboleth Security Advisory [08 June 2014]
$B!!!!(B http://shibboleth.net/community/advisories/secadv_20140608.txt
Shibboleth SP 2.4.3$B$*$h$S$=$l0JA0$N%P!<%8%g%s$r$4MxMQ$N>l9g$K$O!"%5!<(B
$B%P$H$7$FK\@Hl9g$O!"5,Dj$N%"%C%W(B
$B%G!<%HH$/$@$5$$!#(B
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPWindowsUpgrade
$B0J>e$G$9!#(B
$B;29M>pJs!'(B
$B!&(BOpenSSL Security Advisory [05 Jun 2014] $B!J(BOpenSSL$B8x<0$N%;%-%e%j%F%#%"(B
$B%I%P%$%6%j!K(B
https://www.openssl.org/news/secadv_20140605.txt
$B!&(BShibboleth Security Advisory [08 June 2014] $B!J(BShibboleth Consortium$B$N(B
$B%;%-%e%j%F%#%"%I%P%$%6%j!K(B
http://shibboleth.net/community/advisories/secadv_20140608.txt
$B!&(BCCS Injection$B@HR2p(B
http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection/index.html
$B!&(BCCS Injection Vulnerability
http://ccsinjection.lepidum.co.jp/ja.html
--
=========================================================
$B!!9qN)>pJs3X8&5f=j(B $B3X=Q4pHW2](B $B3XG';vL36I!!!JC4Ev!'LnED!K(B
$B!!(BTEL$B!'(B03-4212-2218$B!!(xxxxxxxxxxxxxxx@xxxxxxxxx
$B!!3XG'(BWeb$B%Z!<%8(B https://www.gakunin.jp/
$B!!?=@A%7%9%F%`(B https://office.gakunin.nii.ac.jp/
=========================================================