- Subject: [upki-fed:00836] OpenSSL�$B$N@H
- Date: Thu, 12 Jun 2014 17:33:51 +0900
- From: �$B9qN)>pJs3X8&5f=j!!3XG';vL36I!!LnED�(B <xxxxxxxxxxxxxx@xxxxxxxxx>
�$B3F0L�(B
�$B!!9qN)>pJs3X8&5f=j!!3XG';vL36I$G$9!#�(B
�$BJ?AG$h$j3XG'$N;v6H$K$46(NO$r;r$j$^$7$F!$$"$j$,$H$&$4$6$$$^$9!#�(B
OpenSSL Project�$B$h$j�(BOpenSSL�$B$K4X$9$kJ#?t$N@Hl9g$O!"�(BMan-in-the-Middle (MITM)�$B96�(B
�$B7b$K$h$k0E9fDL?.$NFbMF$,O31L!&2~cb$5$l$k2DG=@-$,;XE&$5$l$F$$$^$9!#�(B
CVE-2014-0224�$B$G$O%/%i%$%"%s%H$H%5!<%P$,$H$b$K%P%0$,B8:_$9$k%P!<%8%g%s$G�(B
�$B1F6A$re!$Ev3:@Hl9g$O!$B.$d�(B
�$B$+$K%"%C%W%G!<%H$r9T$C$F$$$?$@$/$3$H$r$*$9$9$a$$$?$7$^$9!#�(B
�$B"#1F6A$rl9g$K$O!"$9$G$K�(B
�$B%"%C%W%G!<%H%Q%C%1!<%8$,Ds6!$5$l$F$$$^$9!#%Q%C%1!<%8$N%"%C%W%G!<%H8e�(B
�$B$K!"%5!<%P$N:F5/F0$^$?$O�(Bhttpd, shibd�$B$J$I$N3Fhttp://lists.centos.org/pipermail/centos-announce/2014-June/020349.html
�$B!!"(�(B openssl-0.9.8e-27.el5_10.3 �$B$,K\@Hhttp://lists.centos.org/pipermail/centos-announce/2014-June/020344.html
�$B!!"(�(B openssl-1.0.1e-16.el6_5.14 �$B$,K\@Hl9g$G$bK\@HpJs$r$43NG'$$�(B
�$B$?$@$/$3$H$r$*$9$9$a$$$?$7$^$9!#�(B
�$B"#%"%C%W%G!<%HJ}K!�(B(Windows)
Windows�$BMQ$N�(BShibboleth SP�$B%Q%C%1!<%8$O�(BOpenSSL�$B$r%Q%C%1!<%8FbIt$K4^$s$G$$�(B
�$B$k$?$a!"�(BShibboleth SP 2.5.3�$B%Q%C%1!<%8$X$N%Q%C%AE,MQ$,I,MW$G$9!#�(B
�$B!!!!%"%I%P%$%6%j$r$43NG'$N>e!"%Q%C%A$NE,MQ$r9T$C$F$/$@$5$$!#�(B
�$B!!!!�(BShibboleth Security Advisory [08 June 2014]
�$B!!!!�(B http://shibboleth.net/community/advisories/secadv_20140608.txt
Shibboleth SP 2.4.3�$B$*$h$S$=$l0JA0$N%P!<%8%g%s$r$4MxMQ$N>l9g$K$O!"%5!<�(B
�$B%P$H$7$FK\@Hl9g$O!"5,Dj$N%"%C%W�(B
�$B%G!<%HH$/$@$5$$!#�(B
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPWindowsUpgrade
�$B0J>e$G$9!#�(B
�$B;29M>pJs!'�(B
�$B!&�(BOpenSSL Security Advisory [05 Jun 2014] �$B!J�(BOpenSSL�$B8x<0$N%;%-%e%j%F%#%"�(B
�$B%I%P%$%6%j!K�(B
https://www.openssl.org/news/secadv_20140605.txt
�$B!&�(BShibboleth Security Advisory [08 June 2014] �$B!J�(BShibboleth Consortium�$B$N�(B
�$B%;%-%e%j%F%#%"%I%P%$%6%j!K�(B
http://shibboleth.net/community/advisories/secadv_20140608.txt
�$B!&�(BCCS Injection�$B@HR2p�(B
http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection/index.html
�$B!&�(BCCS Injection Vulnerability
http://ccsinjection.lepidum.co.jp/ja.html
--
=========================================================
�$B!!9qN)>pJs3X8&5f=j�(B �$B3X=Q4pHW2]�(B �$B3XG';vL36I!!!JC4Ev!'LnED!K�(B
�$B!!�(BTEL�$B!'�(B03-4212-2218�$B!!�(xxxxxxxxxxxxxxx@xxxxxxxxx
�$B!!3XG'�(BWeb�$B%Z!<%8�(B https://www.gakunin.jp/
�$B!!?=@A%7%9%F%`�(B https://office.gakunin.nii.ac.jp/
=========================================================