Red Hat安全公告—2017年2月

CVE-2017-3733

Important

openssl097a openssl openssl098e OVMF

2017/2/16

CVE-2017-2630

Important

xen kvm qemu-kvm qemu-kvm-rhev

2017/2/3

标题

CVE-2017-3733

描述

It was found that changing the ciphersuite during a renegotiation of the Encrypt-Then-Mac extension could result in a crash of the OpenSSL server or client.

Find out more about CVE-2017-3733 from the MITRE CVE dictionary dictionary and NIST NVD.

最高严重等级

Important

漏洞的影响

Red Hat Enterprise Linux 5 (openssl)

Red Hat Enterprise Linux 5 (openssl097a)

Red Hat Enterprise Linux 6 (openssl)

Red Hat Enterprise Linux 6 (openssl098e)

Red Hat Enterprise Linux 7 (openssl)

Red Hat Enterprise Linux 7 (openssl098e)

Red Hat Enterprise Linux 7 (OVMF)

Bugzilla

1421695: CVE-2017-3733 openssl: Encrypt-Then-Mac renegotiation crash

详细信息

https://access.redhat.com/security/cve/cve-2017-3733

公告标识 CVE-2017-2630

标题

CVE-2017-2630

描述

The MITRE CVE dictionary describes this issue as:

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Find out more about CVE-2017-2630 from the MITRE CVE dictionary dictionary and NIST NVD.

最高严重等级

Important

漏洞的影响

Red Hat Enterprise Linux 7 (qemu-kvm-rhev)

Red Hat Enterprise Linux 7 (qemu-kvm)

Red Hat Enterprise Linux 6 (qemu-kvm)

Red Hat Enterprise Linux 5 (kvm)

Red Hat Enterprise Linux 5 (xen)

Bugzilla

1422415: CVE-2017-2630 Qemu: nbd: oob stack write in client routine drop_sync

详细信息

https://access.redhat.com/security/cve/cve-2017-2630