-----开始PGP签名消息-----哈希：SHA256 Aruba产品安全咨询===============================咨询ID：Aruba-PSA-2015-003 CVE：CVE-2014-3571，CVE-2014-3569，CVE-2014-3569，CVE-2015-3572，CVE-2015-0204，CVE-2015-0205，CVE-2014-8275，CVE-2014-3570出版日期：2015-FEB-05状态：确认修订版：1标题===== openssl多漏洞（2015年1月8日）概述========多漏洞存在于openssl中。有关更多详细信息，请参阅https://www.openssl.org/news/secadv_20150108.txt受影响的Aruba产品======================= - ArubaOS（所有版本）未受影响的Aruba产品========================= - Clearpass政策经理 - Airwave - Aruba Instant -VIA - Meridian详细信息=======多个Aruba产品利用OpenSSL到不同的范围。在Arubaos内存在低严重程度的暴露。其他阿鲁巴产品不受影响。在ArubaOS中，两个功能使用TLS客户端功能：LDAP OVER TLS，以及手机主页功能。CVE-2014-3572和CVE-2015-0204在使用TLS客户端功能时会影响OpenSSL。 Aruba considers the severity to be extremely low, since ArubaOS does not establish TLS connections with arbitrary TLS servers on the public Internet. LDAPS only connects to a trusted LDAP server within an organization's own IT environment. The Phone Home feature only connects to an Aruba-operated server. Other vulnerabilities reported in the OpenSSL 08-January advisory do not affect any Aruba products. Resolution ========== Aruba will patch OpenSSL in ArubaOS during the normal course of product maintenance. Because of the low severity of this vulnerability, Aruba will not issue emergency fixes. Aruba has assigned bug numbers 112492 and 112493 to track these issues. Obtaining Fixed Software ======================== Aruba customers can obtain software updates on the support website: http://support.arubanetworks.com Aruba Support contacts are as follows: +1-800-WiFiLAN (1-800-943-4526) (toll free from within North America) +1-408-754-1200 (toll call from anywhere in the world) The full contact list is at: //www.nexbus-cng.com/support-services/support-program/contact-support/ e-mail: support(at)arubanetworks.com Please do not contact "sirt(at)arubanetworks.com" for software upgrades. Revision History ================ Revision 1.0 / 2015-Feb-05 / Initial release Aruba SIRT Security Procedures ============================== Complete information on reporting security vulnerabilities in Aruba Networks products, obtaining assistance with security incidents is available at: //www.nexbus-cng.com/support-services/security-bulletins/ For reporting *NEW* Aruba Networks security issues, email can be sent to sirt(at)arubanetworks.com. For sensitive information we encourage the use of PGP encryption. Our public keys can be found at: //www.nexbus-cng.com/support-services/security-bulletins/ (c) Copyright 2015 by Aruba Networks, Inc. This advisory may be redistributed freely after the release date given at the top of the text, provided that redistributed copies are complete and unmodified, including all date and version information. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBCAAGBQJU080EAAoJEJj+CcpFhYbZIRoH/0SX/OuoWhIvx2btT7OUjujt UskifClxnwSqKM1TQsG25K7uXLSE4Fyk5Qn3ihu16Atqex8cMwknmrlH/t/RAsqz eQUA5yHvDfEa6fco7fya+CeSgc7tTgac77xghvQyLMVbE5pBL9I7zqaOAAFBa8Tr XfdFVA8/jPV6fIB3viIBo7QMRAf8Ok7kmBhoz4/CI9clhk72T+79Xw2G4Z0xlljY YUub+d0OQ6OtbRPoXmc6PhyO1clSmZZgRMPPuT786WTnYpEw5V8dn05xSFpY+KyS GUS8RmLYQfO1E14Y2c3ViIDG6LybXX7pJMBA4Hc+S5JO6Nv2o+NLUzWOwOVo2FM= =TQtC -----END PGP SIGNATURE-----