ClearOS Documentation


CVE 2018-0739

'Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).'

ClearCenter response

This issue affects ClearOS 7 and ClearOS 6. There are no plans to fix this issue in ClearOS 6 at this time.

Short response

ClearOS 6 and ClearOS 7 are affected by this issue. No upstream fix for RHEL or CentOS exists for this issue. A fix has been reported for Fedora. The risk associated with this issue is a potential Denial of Service attack.

Long response

ClearOS 6 and ClearOS 7 are affected by this issue. No upstream fix for RHEL or CentOS exists for this issue. A fix has been reported for Fedora. The risk associated with this issue is a potential Denial of Service attack. To mitigate risk while a fix is created, ensure that you have methods to lock down access to trusted networks.

https://tracker.clearos.com/view.php?id=21681

Resolution

To mitigate risk, watch the performance of sites and services that use SSL. If slowness occurs, analysis of access during the DoS can reveal the attacker. You can also mitigate risk by limiting access to trusted networks and sources.
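The advisory quoted above attributes the problem to unbounded recursion over constructed ASN.1 types. The following added example (not ClearOS or OpenSSL code) shows a pre-check that measures constructed nesting in a DER blob without recursing and rejects input beyond a limit. The names `max_nesting`, `read_header` and `DerError` are hypothetical, and the limit of 30 is an assumed policy value.

```python
MAX_NEST = 30  # assumed policy limit for this example, not taken from the page

class DerError(ValueError):
    """Input is malformed, unsupported, or nested deeper than allowed."""

def read_header(buf, pos, end):
    """Parse one TLV header at pos; return (constructed, start, stop)."""
    if pos + 2 > end:
        raise DerError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise DerError("high-tag-number form not handled in this example")
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long-form length
        n = first & 0x7F
        if n == 0 or n > 4:
            raise DerError("indefinite or oversized length")
        if pos + n > end:
            raise DerError("truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > end:
        raise DerError("content overruns enclosing element")
    return bool(tag & 0x20), pos, pos + length

def max_nesting(der, limit=MAX_NEST):
    """Return the deepest constructed nesting; raise once limit is passed."""
    # An explicit work list replaces recursion, so deep nesting in the
    # input cannot exhaust the call stack of the checker itself.
    deepest = 0
    work = [(0, len(der), 0)]             # (pos, end, depth of this region)
    while work:
        pos, end, depth = work.pop()
        while pos < end:
            constructed, start, stop = read_header(der, pos, end)
            if constructed:
                if depth + 1 > limit:
                    raise DerError("constructed nesting exceeds limit")
                deepest = max(deepest, depth + 1)
                work.append((start, stop, depth + 1))
            pos = stop
    return deepest

# Constructed sample: SEQUENCE { SEQUENCE { INTEGER 1 }, SET { NULL } }
SAMPLE = bytes.fromhex("3009300302010131020500")
```

Run a check like this on untrusted PKCS7 or other ASN.1 input before it reaches an unpatched parser, and treat any `DerError` as a rejection.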

content/en_us/announcements_cve_cve-2018-0739.txt · Last modified: 2018/10/01 13:56 by dloper
