OpenSSL 1.0.2 ClientHello sigalgs DoS

OpenSSL 1.0.2 introduced the "multiblock" performance improvement. This feature only applies on 64 bit x86 architecture platforms that support AES NI instructions. A defect in the implementation of "multiblock" can cause a segmentation fault within OpenSSL, thus enabling a potential DoS attack. This issue affects OpenSSL version: 1.0.2
xCAT does not ship OpenSSL. Please upgrade OpenSSL to 1.0.2a or upper, you can get the package from the OS distribution.


Related

Wiki: Main_Page

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks