OpenSSL 安全漏洞

CNNVD-ID编号	CNNVD-201909-450
CVE编号	CVE-2019-1563
发布时间	2019-09-10
更新时间	2021-01-21
漏洞类型	其他
漏洞来源	Ubuntu,Red Hat,openssl.org,Slackware Security Team
危险等级	低危
威胁类型	远程
厂商	N/A

漏洞介绍

OpenSSL是OpenSSL团队的一个开源的能够实现安全套接层（SSLv2/v3）和安全传输层（TLSv1）协议的通用加密库。该产品支持多种加密算法，包括对称密码、哈希算法、安全散列算法等。

OpenSSL 1.0.2版本至1.0.2s版本、1.1.0版本至1.1.0k版本和1.1.1版本至1.1.1c版本中存在安全漏洞。攻击者可通过发送大量加密的消息利用该漏洞恢复CMS/PKCS7传输的加密密钥或解密使用公共的RSA密钥加密的消息。

漏洞补丁

目前厂商已发布升级了OpenSSL 安全漏洞的补丁，OpenSSL 安全漏洞的补丁获取链接：

https://www.openssl.org/news/secadv/20190910.txt

参考网址

来源:CONFIRM

链接：https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64
来源:MISC

链接：https://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html
来源:MLIST

链接：https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html
来源:MISC

链接：https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
来源:UBUNTU

链接：https://usn.ubuntu.com/4376-1/
来源:N/A

链接：https://www.oracle.com/security-alerts/cpuapr2020.html
来源:CONFIRM

链接：https://www.openssl.org/news/secadv/20190910.txt
来源:BUGTRAQ

链接：https://seclists.org/bugtraq/2019/Oct/1
来源:BUGTRAQ

链接：https://seclists.org/bugtraq/2019/Oct/0
来源:DEBIAN

链接：https://www.debian.org/security/2019/dsa-4539
来源:SUSE

链接：http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html
来源:git.openssl.org

链接：https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f
来源:git.openssl.org

链接：https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97
来源:MISC

链接：https://www.oracle.com/security-alerts/cpuoct2020.html
来源:FEDORA

链接：https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/
来源:SUSE

链接：http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html
来源:DEBIAN

链接：https://www.debian.org/security/2019/dsa-4540
来源:SUSE

链接：http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html
来源:MISC

链接：https://www.oracle.com/security-alerts/cpujan2020.html
来源:FEDORA

链接：https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/
来源:GENTOO

链接：https://security.gentoo.org/glsa/201911-04
来源:UBUNTU

链接：https://usn.ubuntu.com/4376-2/
来源:SUSE

链接：http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html
来源:CONFIRM

链接：https://security.netapp.com/advisory/ntap-20190919-0002/
来源:UBUNTU

链接：https://usn.ubuntu.com/4504-1/
来源:CONFIRM

链接：https://www.tenable.com/security/tns-2019-09
来源:BUGTRAQ

链接：https://seclists.org/bugtraq/2019/Sep/25
来源:CONFIRM

链接：https://support.f5.com/csp/article/K97324400?utm_source=f5support&utm_medium=RSS
来源:MISC

链接：https://www.oracle.com/security-alerts/cpujul2020.html
来源:www.suse.com

链接：https://www.suse.com/support/update/announcement/2020/suse-su-20200099-1.html
来源:www.ibm.com

链接：https://www.ibm.com/support/pages/node/2002869
来源:www.ibm.com

链接：https://www.ibm.com/support/pages/node/1167088
来源:www.ibm.com

链接：https://www.ibm.com/support/pages/node/1167106
来源:www.hitachi.co.jp

链接：https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/ hitachi-sec-2019-127/index.html
来源:www.hitachi.co.jp

链接：https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/ hitachi-sec-2019-112/index.html
来源:www.suse.com

链接：https://www.suse.com/support/update/announcement/2019/suse-su-201914171-1.html
来源:www.ibm.com

链接：https://www.ibm.com/support/pages/node/1137634
来源:www.ibm.com

链接：https://www.ibm.com/support/pages/node/1115031
来源:www.ibm.com

链接：https://www.ibm.com/support/pages/node/1115109
来源:www.suse.com

链接：https://www.suse.com/support/update/announcement/2019/suse-su-201914174-1.html
来源:www.suse.com

链接：https://www.suse.com/support/update/announcement/2019/suse-su-20192397-1.html
来源:www.suse.com

链接：https://www.suse.com/support/update/announcement/2019/suse-su-20192413-1.html
来源:www.suse.com

链接：https://www.suse.com/support/update/announcement/2019/suse-su-20192410-1.html
来源:www.intel.com

链接：https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00311.html
来源:www.ibm.com

链接：https://www.ibm.com/support/pages/node/1282768
来源:www.ibm.com

链接：https://www.ibm.com/support/pages/node/1282774
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-ibm-bootable-media-creator-bomc-is-affected-by-vulnerabilities-in-openssl-cve-2019-1547-and-cve-2019-1563/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-identified-in-bigfix-platform-shipped-with-ibm-license-metric-tool/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-icp-speech-to-text-text-to-speech-openssl-vulnerability-fix/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.3729/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-affected-by-ibm-sdk-java-technology-edition-quarterly-cpu-apr-2020-vulnerabilities-2/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0044/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2019.4784/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0267/
来源:www.ibm.com

链接：https://www.ibm.com/support/pages/node/1167100
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-aspera-web-applications-faspex-console-orchestrator-are-affected-by-openssl-vulnerabilities-cve-2019-1547-cve-2019-1549-cve-2019-1563/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-affected-by-multiple-vulnerabilities-in-openssl-package/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1889/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2019.3543.2/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2019.3530/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2019.4749/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0517/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1008/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.2383/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.2593/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/157421/Red-Hat-Security-Advisory-2020-1840-01.html
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2019.4481/
来源:www.ibm.com

链接：https://www.ibm.com/support/pages/node/1116033
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-ibm-nextscale-fan-power-controller-fpc-is-affected-by-vulnerabilities-in-openssl-cve-2019-1547-and-cve-2019-1563/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2019.3543/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-dcnm-network-management-software-used-by-ibm-c-type-san-directors-and-switches-2/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/158377/Ubuntu-Security-Notice-USN-4376-2.html
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-openssl-a-product-which-ships-with-ibm-tivoli-nework-manager/
来源:www.ibm.com

链接：https://www.ibm.com/support/pages/node/1146538
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-spectrum-protect-backup-archive-client-netapp-services-cve-2019-1547-cve-2019-1549-cve-2019-1563-cve-2019-1552/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/157856/Ubuntu-Security-Notice-USN-4376-1.html
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-tivoli-netcool-system-service-monitors-application-service-monitors-cve-2018-5407cve-2020-1967cve-2018-0734cve-2019-1563cve-2019/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2019.4657/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.2201/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in-cognos-business-intelligence-cognos-bi-shipped-with-tivoli-common-reporting-cve-2019-1547-cve-2019-1549-cve-2019-1563/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0144/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-openssl-affect-ibm-netezza-analytics/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/159195/Ubuntu-Security-Notice-USN-4504-1.html
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-private-openssl-cve-2019-1563-cve-2019-1549-cve-2019-1547-2/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/157128/Red-Hat-Security-Advisory-2020-1337-01.html
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2019.3568/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1487/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1224/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.3700/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-openssl-publicly-disclosed-vulnerability-2/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/158637/Red-Hat-Security-Advisory-2020-3194-01.html
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-gcm16-gcm32-kvm-switch-firmware/
来源:www.nsfocus.net

链接：http://www.nsfocus.net/vulndb/47947
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerabilities-cve-2019-1563-cve-2019-1547-impact-ibm-aspera-streaming-ibm-aspera-streaming-for-video-version-3-9-6-1-and-earlier/
来源:www.ibm.com

链接：https://www.ibm.com/support/pages/node/1137844
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.3170/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/154455/OpenSSL-Toolkit-1.1.1d.html
来源:www.ibm.com

链接：https://www.ibm.com/support/pages/node/1172266
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-openssl-vulnerabilities-cve-2019-1547-and-cve-2019-1563/
来源:www.ibm.com

链接：https://www.ibm.com/support/pages/node/1168564
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0490/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0191/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-affect-watson-explorer-foundational-components-cve-2019-1563-cve-2019-1549-cve-2019-1547/
来源:nvd.nist.gov

链接：https://nvd.nist.gov/vuln/detail/CVE-2019-1563

受影响实体

暂无

信息来源

http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201909-450