LinuxSir.cn,穿越时空的Linuxsir!

 找回密码
 注册
搜索
热搜: shell linux mysql
查看: 982|回复: 3

Linux 更新信息……求翻择

[复制链接]
发表于 2003-3-7 11:14:22 | 显示全部楼层 |阅读模式
先谢谢了,大概什么意思啊?

Summary:
Updated OpenSSL packages fix timing attack

Updated OpenSSL packages are available that fix a potential timing-based
attack.

Description:
OpenSSL is a commercial-grade, full-featured, and open source toolkit that
implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer
Security (TLS v1) protocols as well as a full-strength general purpose
cryptography library.

In a paper, Brice Canvel, Alain Hiltgen, Serge Vaudenay, and Martin
Vuagnoux describe and demonstrate a timing-based attack on CBC ciphersuites
in SSL and TLS.  An active attacker may be able to use timing observations
to distinguish between two different error cases: cipher padding errors and
MAC verification errors.  Over multiple connections this can leak
sufficient information to make it possible to retrieve the plaintext of a
common, fixed block.

In order for an attack to be sucessful, an attacker must be able to act as
a man-in-the-middle to intercept and modify multiple connections, which all
involve a common fixed plaintext block (such as a password), and have good
network conditions that allow small changes in timing to be reliably
observed.

These erratum packages contain a patch provided by the OpenSSL group that
corrects this vulnerability.

Because server applications are affected by these vulnerabilities, we
advise users to restart all services that use OpenSSL functionality or
alternatively reboot their systems after installing these updates.

References:
http://lasecwww.epfl.ch/pub/lasec/doc/Vau02a.ps
发表于 2003-3-7 12:36:24 | 显示全部楼层
是不是关于加密的啊????大家知道贴文章啊,我也想知道
发表于 2003-3-7 19:32:24 | 显示全部楼层

Re: Linux 更新信息……求翻择

最初由 thunderbird 发布
先谢谢了,大概什么意思啊?
These erratum packages contain a patch provided by the OpenSSL group that
corrects this vulnerability.


because server applications are affected by these vulnerabilities, we
advise users to restart all services that use OpenSSL functionality or
alternatively reboot their systems after installing these updates.

References:
http://lasecwww.epfl.ch/pub/lasec/doc/Vau02a.ps


先翻最后二段:
这些修正错误的软件包包含了一个由OpenSSL组织提供的补丁。

因为服务器应用软件会受这些弱点的影响,所以我们建议用户重新启动所有使用了OpenSSl功能的服务或者在安装这些更新以后重新启动系统。
参考:http://lasecwww.epfl.ch/pub/lasec/doc/Vau02a.ps

上面哪些,等我心情好的时候再来
 楼主| 发表于 2003-3-7 20:54:39 | 显示全部楼层
谢谢谢谢……… 那要怎么做呢?????
您需要登录后才可以回帖 登录 | 注册

本版积分规则

快速回复 返回顶部 返回列表