[Security Vulnerability Alert] The OpenSSL library contains a critical cybersecurity vulnerability (CVE-2025-15467).

Issuing unit: Digital Services Division, Office of Library and Information Services
Date range: 2026/2/3 ~ 2026/8/3
 


Forwarded from the Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC): Security Alert TWCERTCC-200-202601-00000029

[Content Description]
OpenSSL is an open-source cryptographic library used mainly for secure communication, SSL/TLS protocol implementation, and certificate management. It supports many cryptographic algorithms and is widely used in servers and applications.
OpenSSL recently released a security update that patches a critical vulnerability (CVE-2025-15467, CVSS: 9.8). It is a stack buffer overflow that can cause the program to terminate abnormally, resulting in denial of service (DoS), and may even lead to remote code execution.

[Affected Platforms]
OpenSSL library versions 3.6.0 to 3.6.1 (excluding 3.6.1)
OpenSSL library versions 3.5.0 to 3.5.5 (excluding 3.5.5)
OpenSSL library versions 3.4.0 to 3.4.4 (excluding 3.4.4)
OpenSSL library versions 3.3.0 to 3.3.6 (excluding 3.3.6)
OpenSSL library versions 3.0.0 to 3.0.19 (excluding 3.0.19)

[Recommended Actions]
Please update to one of the following versions:
OpenSSL library 3.6.1 or later
OpenSSL library 3.5.5 or later
OpenSSL library 3.4.4 or later
OpenSSL library 3.3.6 or later
OpenSSL library 3.0.19 or later

[References]
1. https://www.twcert.org.tw/tw/cp-169-10692-38c40-1.html
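
An added example, not part of the original advisory: a Python helper that maps an OpenSSL version banner onto the affected and fixed versions listed above. The function names and sample banners are constructed for illustration; distribution packages can carry a backported fix without changing the upstream version number, so an "affected" result should be confirmed against the vendor's own advisory.

```python
import re
import ssl

# Branch -> first fixed patch release, taken from the advisory's version list.
FIRST_FIXED = {(3, 6): 1, (3, 5): 5, (3, 4): 4, (3, 3): 6, (3, 0): 19}

VERSION_RE = re.compile(r"\bOpenSSL\s+(\d+)\.(\d+)\.(\d+)")


def classify(banner: str) -> str:
    """Map a version banner (e.g. `openssl version` output) to a status.

    'affected'   - inside one of the advisory's vulnerable ranges
    'fixed'      - on a listed branch, at or above its fixed release
    'not-listed' - an OpenSSL branch the advisory does not mention
    'unparsed'   - no "OpenSSL x.y.z" found (LibreSSL, BoringSSL, ...)
    """
    matches = VERSION_RE.findall(banner)
    if not matches:
        return "unparsed"
    # OpenSSL 3.x prints "OpenSSL <cli> ... (Library: OpenSSL <lib> ...)".
    # The flaw is in the library, so the last match is the one that counts.
    major, minor, patch = map(int, matches[-1])
    fixed_patch = FIRST_FIXED.get((major, minor))
    if fixed_patch is None:
        return "not-listed"
    return "affected" if patch < fixed_patch else "fixed"


def python_runtime_status() -> str:
    """Status of the OpenSSL build linked into this Python interpreter."""
    return classify(ssl.OPENSSL_VERSION)


# Constructed sample banners, not captured from real hosts.
SAMPLES = [
    "OpenSSL 3.0.18 1 Jan 2026 (Library: OpenSSL 3.0.18 1 Jan 2026)",
    "OpenSSL 3.5.5 1 Jan 2026 (Library: OpenSSL 3.5.2 1 Jan 2026)",
    "OpenSSL 3.6.1 1 Jan 2026 (Library: OpenSSL 3.6.1 1 Jan 2026)",
    "OpenSSL 1.1.1w  11 Sep 2023",
    "LibreSSL 3.3.6",
]

if __name__ == "__main__":
    for banner in SAMPLES:
        print(f"{classify(banner):<10} {banner}")
    print(f"{python_runtime_status():<10} (this interpreter) {ssl.OPENSSL_VERSION}")
```

The second sample shows why the library version matters: an updated command-line tool running against an older shared library is still reported as affected.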

