https://www.openssl.org/news/vulnerabilities.html
openssl-1.0.2u受影响的漏洞列表
--------2022--------
CVE-2022-1292 (OpenSSL advisory) [Moderate severity] 03 May 2022:
Fixed in OpenSSL 1.0.2ze (git commit) (Affected 1.0.2-1.0.2zd)
本仓库已修复: https://github.com/fdl66/openssl-1.0.2u-fix-cve/pull/9
CVE-2022-0778 (OpenSSL advisory) [High severity] 15 March 2022:
Fixed in OpenSSL 1.0.2zd (git commit) (Affected 1.0.2-1.0.2zc)
本仓库已修复: https://github.com/fdl66/openssl-1.0.2u-fix-cve/pull/7
CVE-2021-4160 (OpenSSL advisory) [Moderate severity] 28 January 2022:
Fixed in OpenSSL 1.0.2zc-dev (git commit) (Affected 1.0.2-1.0.2zb)
当前未修复原因: 代码存在差异,避免非必要异常(而且漏洞仅影响MIPS平台,正常的x86架构不受影响)
--------2021--------
CVE-2021-3712 (OpenSSL advisory) [Moderate severity] 24 August 2021:
Fixed in OpenSSL 1.0.2za (git commit) (Affected 1.0.2-1.0.2y)
本仓库已修复: https://github.com/fdl66/openssl-1.0.2u-fix-cve/pull/6
CVE-2021-23841 (OpenSSL advisory) [Moderate severity] 16 February 2021:
Fixed in OpenSSL 1.0.2y (git commit) (Affected 1.0.2-1.0.2x)
本仓库已修复: https://github.com/fdl66/openssl-1.0.2u-fix-cve/pull/5
CVE-2021-23840 (OpenSSL advisory) [Low severity] 16 February 2021:
Fixed in OpenSSL 1.0.2y (git commit) (Affected 1.0.2-1.0.2x)
本仓库已修复: https://github.com/fdl66/openssl-1.0.2u-fix-cve/pull/4
CVE-2021-23839 (OpenSSL advisory) [Low severity] 16 February 2021:
Fixed in OpenSSL 1.0.2y (git commit) (Affected 1.0.2s-1.0.2x)
本仓库已修复: https://github.com/fdl66/openssl-1.0.2u-fix-cve/pull/3
--------2020--------
CVE-2020-1971 (OpenSSL advisory) [High severity] 08 December 2020:
Fixed in OpenSSL 1.0.2x (git commit) (Affected 1.0.2-1.0.2w)
本仓库已修复: https://github.com/fdl66/openssl-1.0.2u-fix-cve/pull/2
CVE-2020-1968 (OpenSSL advisory) [Low severity] 09 September 2020:
Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v)
当前未修复原因: 官方无漏洞修复代码,且为低危漏洞
./config shared make -j4
待续
OpenSSL 1.0.2u 20 Dec 2019
Copyright (c) 1998-2019 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson All rights reserved.
The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, fully featured, and Open Source toolkit implementing the Secure Sockets Layer (SSLv3) and Transport Layer Security (TLS) protocols as well as a full-strength general purpose cryptograpic library. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation.
OpenSSL is descended from the SSLeay library developed by Eric A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the OpenSSL license plus the SSLeay license), which means that you are free to get and use it for commercial and non-commercial purposes as long as you fulfill the conditions of both licenses.
The OpenSSL toolkit includes:
libssl.a: Provides the client and server-side implementations for SSLv3 and TLS.
libcrypto.a: Provides general cryptographic and X.509 support needed by SSL/TLS but not logically part of it.
openssl: A command line tool that can be used for: Creation of key parameters Creation of X.509 certificates, CSRs and CRLs Calculation of message digests Encryption and decryption SSL/TLS client and server tests Handling of S/MIME signed or encrypted mail And more...
See the appropriate file: INSTALL Linux, Unix, etc. INSTALL.DJGPP DOS platform with DJGPP INSTALL.NW Netware INSTALL.OS2 OS/2 INSTALL.VMS VMS INSTALL.W32 Windows (32bit) INSTALL.W64 Windows (64bit) INSTALL.WCE Windows CE
See the OpenSSL website www.openssl.org for details on how to obtain commercial technical support.
If you have any problems with OpenSSL then please take the following steps first:
- Download the latest version from the repository
to see if the problem has already been addressed
- Configure with no-asm
- Remove compiler optimisation flags
If you wish to report a bug then please include the following information and create an issue on GitHub:
- On Unix systems:
Self-test report generated by 'make report'
- On other systems:
OpenSSL version: output of 'openssl version -a'
OS Name, Version, Hardware platform
Compiler Details (name, version)
- Application Details (name, version)
- Problem Description (steps that will reproduce the problem, if known)
- Stack Traceback (if the application dumps core)
Just because something doesn't work the way you expect does not mean it is necessarily a bug in OpenSSL.
See CONTRIBUTING
A number of nations restrict the use or export of cryptography. If you are potentially subject to such restrictions you should seek competent professional legal advice before attempting to develop or distribute cryptographic code.