[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[upki-fed:00836] OpenSSL$B$N@H

$B3F0L(B

$B!!9qN)>pJs3X8&5f=j!!3XG';vL36I$G$9!#(B
$BJ?AG$h$j3XG'$N;v6H$K$46(NO$r;r$j$^$7$F!$$"$j$,$H$&$4$6$$$^$9!#(B

OpenSSL Project$B$h$j(BOpenSSL$B$K4X$9$kJ#?t$N@Hl9g$O!"(BMan-in-the-Middle (MITM)$B96(B
$B7b$K$h$k0E9fDL?.$NFbMF$,O31L!&2~cb$5$l$k2DG=@-$,;XE&$5$l$F$$$^$9!#(B

CVE-2014-0224$B$G$O%/%i%$%"%s%H$H%5!<%P$,$H$b$K%P%0$,B8:_$9$k%P!<%8%g%s$G(B
$B1F6A$re!$Ev3:@Hl9g$O!$B.$d(B
$B$+$K%"%C%W%G!<%H$r9T$C$F$$$?$@$/$3$H$r$*$9$9$a$$$?$7$^$9!#(B


$B"#1F6A$rl9g$K$O!"$9$G$K(B
  $B%"%C%W%G!<%H%Q%C%1!<%8$,Ds6!$5$l$F$$$^$9!#%Q%C%1!<%8$N%"%C%W%G!<%H8e(B
  $B$K!"%5!<%P$N:F5/F0$^$?$O(Bhttpd, shibd$B$J$I$N3Fhttp://lists.centos.org/pipermail/centos-announce/2014-June/020349.html
    $B!!"((B openssl-0.9.8e-27.el5_10.3 $B$,K\@Hhttp://lists.centos.org/pipermail/centos-announce/2014-June/020344.html
    $B!!"((B openssl-1.0.1e-16.el6_5.14 $B$,K\@Hl9g$G$bK\@HpJs$r$43NG'$$(B
  $B$?$@$/$3$H$r$*$9$9$a$$$?$7$^$9!#(B

$B"#%"%C%W%G!<%HJ}K!(B(Windows)
  Windows$BMQ$N(BShibboleth SP$B%Q%C%1!<%8$O(BOpenSSL$B$r%Q%C%1!<%8FbIt$K4^$s$G$$(B
  $B$k$?$a!"(BShibboleth SP 2.5.3$B%Q%C%1!<%8$X$N%Q%C%AE,MQ$,I,MW$G$9!#(B

  $B!!!!%"%I%P%$%6%j$r$43NG'$N>e!"%Q%C%A$NE,MQ$r9T$C$F$/$@$5$$!#(B

  $B!!!!(BShibboleth Security Advisory [08 June 2014]
   $B!!!!(B http://shibboleth.net/community/advisories/secadv_20140608.txt

  Shibboleth SP 2.4.3$B$*$h$S$=$l0JA0$N%P!<%8%g%s$r$4MxMQ$N>l9g$K$O!"%5!<(B
  $B%P$H$7$FK\@Hl9g$O!"5,Dj$N%"%C%W(B
  $B%G!<%HH$/$@$5$$!#(B


https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPWindowsUpgrade

$B0J>e$G$9!#(B


$B;29M>pJs!'(B

$B!&(BOpenSSL Security Advisory [05 Jun 2014] $B!J(BOpenSSL$B8x<0$N%;%-%e%j%F%#%"(B
$B%I%P%$%6%j!K(B
  https://www.openssl.org/news/secadv_20140605.txt

$B!&(BShibboleth Security Advisory [08 June 2014] $B!J(BShibboleth Consortium$B$N(B
$B%;%-%e%j%F%#%"%I%P%$%6%j!K(B
  http://shibboleth.net/community/advisories/secadv_20140608.txt

$B!&(BCCS Injection$B@HR2p(B
  http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection/index.html

$B!&(BCCS Injection Vulnerability
  http://ccsinjection.lepidum.co.jp/ja.html



-- 
=========================================================
$B!!9qN)>pJs3X8&5f=j(B $B3X=Q4pHW2](B $B3XG';vL36I!!!JC4Ev!'LnED!K(B
$B!!(BTEL$B!'(B03-4212-2218$B!!(xxxxxxxxxxxxxxx@xxxxxxxxx
$B!!3XG'(BWeb$B%Z!<%8(B  https://www.gakunin.jp/
$B!!?=@A%7%9%F%`(B   https://office.gakunin.nii.ac.jp/
=========================================================