Aruba Product Security Advisory
===============================
Advisory ID: ARUBA-PSA-2018-004
CVE: CVE-2018-5390, CVE-2018-5391
Publication Date: 2018-Aug-24
Status: Confirmed
Revision: 2

Title
=====
Linux Kernel vulnerability in ClearPass and AirWave

Overview
========
Two Linux kernel vulnerabilities, known as "SegmentSmack" and "FragmentSmack", have been publicly disclosed. They affect the Linux kernel used by Aruba ClearPass Policy Manager and Aruba AirWave. Other Aruba products are not affected.

Affected Products
=================
ClearPass 6.6.x
ClearPass 6.7.
=======
These vulnerabilities cause the Linux kernel to consume CPU cycles in response to specific network packets, resulting in a denial of service. For more information, see the following URLs:

https://access.redhat.com/security/cve/cve-2018-5390
https://access.redhat.com/security/cve/cve-2018-5391

The underlying operating system used by ClearPass and AirWave is CentOS, which is a downstream derivative of Red Hat Enterprise Linux.

Severity: High
CVSSv3 Overall Score: 7.5
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Resolution
==========
- Apply the hotfix for ClearPass (when available)
- CVE-2018-5390 is fixed in AirWave 8.2.7.1
- CVE-2018-5391 will be fixed in AirWave 8.2.8

Note: Extensive testing is required to address these issues, which has caused a delay. The CentOS kernel updates that address these issues also include fixes for the Spectre/Meltdown vulnerabilities. Although Spectre/Meltdown does not directly impact ClearPass or AirWave, the fixes for it may negatively impact performance. Aruba is still in the process of testing and characterizing performance to ensure that customer deployments are not impacted.

Hotfixes for ClearPass will be clearly labeled as addressing CVE-2018-5390 and CVE-2018-5391, once they become available.

This advisory will be updated with further details once new information becomes available. The latest version of this advisory will always be available at //www.nexbus-cng.com/assets/alert/ARUBA-PSA-2018-004.txt.

Workarounds
===========
These vulnerabilities can be mitigated by placing ClearPass and AirWave servers behind firewalls or on protected management networks that do not permit connections from untrusted systems.
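The Resolution and Workarounds sections can be turned into a small triage check for AirWave servers. The following is an added example, not part of the Aruba advisory: the host names and inventory are constructed, and it assumes every AirWave release below a fixed release is affected, since the advisory's affected-version list for AirWave is not visible on this page.

```python
import re

# Fixed AirWave releases as stated in the Resolution section of the advisory.
AIRWAVE_FIXES = {
    "CVE-2018-5390": "8.2.7.1",  # SegmentSmack: "fixed in AirWave 8.2.7.1"
    "CVE-2018-5391": "8.2.8",    # FragmentSmack: "will be fixed in AirWave 8.2.8"
}

def parse_version(text):
    """Turn '8.2.7.1' into (8, 2, 7, 1). Trailing zeros are dropped so
    that '8.2.8.0' and '8.2.8' compare as the same release."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def unpatched_cves(installed):
    """CVEs from the advisory whose fixed release is newer than `installed`.
    Assumption: any release below the fixed one is treated as affected."""
    have = parse_version(installed)
    return sorted(cve for cve, fixed in AIRWAVE_FIXES.items()
                  if have < parse_version(fixed))

def triage(inventory):
    """Map each host to (open CVEs, recommended action)."""
    report = {}
    for host, version in inventory.items():
        open_cves = unpatched_cves(version)
        action = ("upgrade; keep behind firewall or management network until then"
                  if open_cves else "no action for this advisory")
        report[host] = (open_cves, action)
    return report

# Constructed inventory (hypothetical host names and versions).
SAMPLE_INVENTORY = {
    "amp-lab-01": "8.2.6",
    "amp-core-01": "8.2.7.1",
    "amp-core-02": "8.2.8.0",
}

if __name__ == "__main__":
    for host, (cves, action) in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: open={cves or 'none'} -> {action}")
```

A server on 8.2.7.1 still reports CVE-2018-5391 as open, so the firewall workaround remains relevant to it until the 8.2.8 upgrade.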

Revision History
================
Revision 1 / 2018-Aug-24 / Initial release
Revision 2 / 2018-Nov-9 / Updated AirWave information

Aruba SIRT Security Procedures
==============================
Complete information on reporting security vulnerabilities in Aruba Networks products and obtaining assistance with security incidents is available at:

//www.nexbus-cng.com/support-services/security-bulletins/

For reporting *NEW* Aruba Networks security issues, email can be sent to aruba-sirt(at)hpe.com. For sensitive information we encourage the use of PGP encryption. Our public keys can be found at:

//www.nexbus-cng.com/support-services/security-bulletins/

(c) Copyright 2018 by Aruba, a Hewlett Packard Enterprise company. This advisory may be redistributed freely after the release date given at the top of the text, provided that the redistributed copies are complete and unmodified, including all data and version information.