myhack58 | Anonymous | MYHACK58:62201680680
History: Oct 29, 2016 - 12:00 a.m.

Upgrade the OpenSSL version to fix a high-risk vulnerability: the "OpenSSL Red Alert" vulnerability (CVE-2016-8610) - vulnerability warning - Black Bar Safety Net (myhack58)

2016-10-29 00:00:00
Anonymous
www.myhack58.com

CVSS3: 7.5 High
  Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  Attack Vector: NETWORK | Attack Complexity: LOW | Privileges Required: NONE | User Interaction: NONE | Scope: UNCHANGED | Confidentiality Impact: NONE | Integrity Impact: NONE | Availability Impact: HIGH

CVSS2: 5 Medium
  Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
  Access Vector: NETWORK | Access Complexity: LOW | Authentication: NONE | Confidentiality Impact: NONE | Integrity Impact: NONE | Availability Impact: PARTIAL

EPSS: 0.577 Medium (percentile 97.4%)

Background:
OpenSSL has disclosed a remotely exploitable, unauthenticated denial-of-service vulnerability, CVE-2016-8610, for which public exploit code circulates under the name "SSL-Death-Alert"; it has become known as the "OpenSSL Red Alert" vulnerability. Over a single connection an attacker can send an unbounded stream of warning-level alert records. The vulnerable server silently discards each one and waits for the next, so the connection never makes progress and is never closed, and the handling process is driven to 100% CPU, denying service to other clients.
The vulnerability affects most OpenSSL release branches, and with them every service that links OpenSSL for HTTPS, SSL or TLS, Nginx among them.
We therefore strongly recommend that you confirm as soon as possible whether your systems are affected and, if they are, upgrade without delay.
Vulnerability details:
[Risk overview]
In OpenSSL's SSL/TLS handshake implementation, a client may send any number of plaintext alert records (content type SSL3_RT_ALERT) with level SSL3_AL_WARNING and an undefined alert description. When OpenSSL receives such an undefined warning alert it ignores it and goes on to process the next record, if any. An attacker can exploit this trivially by sending a large number of undefined warning alerts in one connection: the server spends its time parsing and discarding them, never advances the handshake and never closes the connection, so the process sits at 100% CPU. A separate issue is worth noting here because it determines the 1.1.0 upgrade target below: in OpenSSL 1.1.0a the realloc() call in statem/statem.c does not account for the memory block being moved, so a remote attacker using a crafted TLS session can cause a denial of service or possibly execute arbitrary code (CVE-2016-6309, fixed in 1.1.0b).
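As an added illustration (this is not OpenSSL's code and not part of the original article), the following Python model feeds one constructed record stream to two readers: one that, like the vulnerable versions, discards every warning alert and keeps waiting for a handshake message, and one that, like the fix, aborts the connection after a bounded run of consecutive warning alerts. The record framing is real TLS (RFC 5246 record header, alert level and description bytes); the cap of 5 is chosen to match the consecutive-warning-alert limit the fix commit adds, and that value, together with the simplified state handling, is an assumption of the model rather than something this page states.

```python
"""Model of the alert-handling loop behind CVE-2016-8610 (added example, not OpenSSL code).

Two readers consume the same TLS record stream: the vulnerable one discards every
warning alert and keeps waiting for a handshake record; the fixed one gives up after a
bounded number of consecutive warning alerts. The parser is a simplified model and the
cap value (5) is an assumption taken from the upstream fix, not something OpenSSL exports.
"""
import struct

SSL3_RT_ALERT = 21        # TLS record content types (RFC 5246)
SSL3_RT_HANDSHAKE = 22
SSL3_AL_WARNING = 1       # alert levels
SSL3_AL_FATAL = 2
CLOSE_NOTIFY = 0          # the one warning-level alert that must end the connection
MAX_WARN_ALERT_COUNT = 5  # bound on consecutive warning alerts (assumed, after the fix)
UNDEFINED_ALERT = 200     # description not assigned by any TLS RFC


def build_record(content_type, payload, version=(3, 3)):
    """TLS record: type(1) | version(2) | length(2) | payload."""
    return struct.pack("!BBBH", content_type, version[0], version[1], len(payload)) + payload


def build_alert(level, description):
    return build_record(SSL3_RT_ALERT, bytes([level, description]))


def iter_records(data):
    """Yield (content_type, payload) for each complete record; stop at a truncated one."""
    offset = 0
    while offset + 5 <= len(data):
        content_type, _, _, length = struct.unpack("!BBBH", data[offset:offset + 5])
        payload = data[offset + 5:offset + 5 + length]
        if len(payload) < length:
            break
        yield content_type, payload
        offset += 5 + length


def read_until_handshake(data, max_warn_alerts=None):
    """Consume records until a handshake message arrives.

    max_warn_alerts=None reproduces the vulnerable behaviour: every warning alert is
    ignored, so an attacker-controlled stream never makes progress and is never closed.
    With a bound, the fixed behaviour aborts the connection with a fatal error.
    Returns (outcome, detail, warning_alerts_seen).
    """
    consecutive_warnings = 0
    warnings_seen = 0
    for content_type, payload in iter_records(data):
        if content_type == SSL3_RT_ALERT:
            if len(payload) != 2:
                return "fatal", "malformed alert", warnings_seen
            level, description = payload
            if level == SSL3_AL_FATAL or description == CLOSE_NOTIFY:
                return "closed", description, warnings_seen
            if level != SSL3_AL_WARNING:
                return "fatal", "illegal alert level", warnings_seen
            warnings_seen += 1
            consecutive_warnings += 1
            if max_warn_alerts is not None and consecutive_warnings >= max_warn_alerts:
                return "fatal", "too many warning alerts", warnings_seen
            continue  # vulnerable path: silently skip the alert and read the next record
        consecutive_warnings = 0  # any non-alert record counts as progress
        if content_type == SSL3_RT_HANDSHAKE:
            return "handshake", payload[0], warnings_seen  # hand over to the state machine
    return "waiting", None, warnings_seen  # input exhausted, still no progress


# Constructed attacker stream: 10 000 undefined warning alerts and never a ClientHello.
ALERT_FLOOD = build_alert(SSL3_AL_WARNING, UNDEFINED_ALERT) * 10_000
# Constructed benign stream: one stray warning alert followed by a stub ClientHello.
CLIENT_HELLO = build_record(SSL3_RT_HANDSHAKE, b"\x01\x00\x00\x00")
BENIGN = build_alert(SSL3_AL_WARNING, UNDEFINED_ALERT) + CLIENT_HELLO

if __name__ == "__main__":
    print("vulnerable:", read_until_handshake(ALERT_FLOOD))
    print("fixed:     ", read_until_handshake(ALERT_FLOOD, MAX_WARN_ALERT_COUNT))
    print("benign:    ", read_until_handshake(BENIGN, MAX_WARN_ALERT_COUNT))
```

The vulnerable reader ends in the "waiting" state with all 10 000 alerts consumed and no handshake progress; over a real socket that "waiting" is an infinite loop of reads as long as the attacker keeps sending. The bounded reader fails the connection after five alerts, while a single stray warning alert ahead of a ClientHello still passes.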
[Affected versions]
  1) OpenSSL 0.9.8 branch: all versions
  2) OpenSSL 1.0.1 branch: all versions
  3) OpenSSL 1.0.2 branch: all versions before 1.0.2i (1.0.2i and 1.0.2j are not affected)
  4) OpenSSL 1.1.0 branch: the initial 1.1.0 release (1.1.0a and 1.1.0b are not affected)
[Not affected]
  OpenSSL 1.0.2i and later (1.0.2j is the current release at the time of writing)
  OpenSSL 1.1.0a and later (1.1.0b is the current release at the time of writing)
  These ranges apply to upstream version numbers. Distribution packages (Red Hat, Debian, Ubuntu) backport the fix without changing the version string, so on those systems check the package changelog for CVE-2016-8610 rather than relying on the version number alone.
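To check a fleet against the ranges listed above, here is an added Python helper (mine, not from the article) that parses `openssl version` banners and applies those ranges, including the letter-suffix ordering OpenSSL uses for patch releases. The sample banners are constructed. It classifies upstream version numbers only; on Red Hat-family systems also run `rpm -q --changelog openssl | grep CVE-2016-8610`, and on Debian-family systems read the package changelog under /usr/share/doc/, because a backported fix does not change the banner.

```python
"""Classify `openssl version` banners against the CVE-2016-8610 ranges in this advisory
(added example; the ranges are the advisory's, the parsing and triage code is mine)."""
import re

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_version(text):
    """'OpenSSL 1.0.2g  1 Mar 2016' -> ((1, 0, 2), 'g').

    The letter suffix is compared as a plain string ('' < 'a' < 'b' < ... < 'z' < 'za'),
    which is the order OpenSSL assigns to patch releases on a branch.
    """
    match = VERSION_RE.search(text)
    if not match:
        raise ValueError("no OpenSSL version in %r" % text)
    branch = (int(match.group(1)), int(match.group(2)), int(match.group(3)))
    return branch, match.group(4)


def affected_by_cve_2016_8610(text):
    """True/False for the branches the advisory covers, None for branches it does not."""
    branch, patch = parse_version(text)
    if branch in ((0, 9, 8), (1, 0, 1)):
        return True                 # whole branch affected; no fixed release on it
    if branch == (1, 0, 2):
        return patch < "i"          # fixed in 1.0.2i
    if branch == (1, 1, 0):
        return patch < "a"          # fixed in 1.1.0a
    if branch > (1, 1, 0):
        return False                # later release lines were cut after the fix
    return None                     # e.g. 1.0.0: not covered by this advisory, inspect by hand


def triage(hosts):
    """hosts: {name: `openssl version` output}. Returns {name: 'affected'|'fixed'|'unknown'}."""
    labels = {True: "affected", False: "fixed", None: "unknown"}
    verdicts = {}
    for host, banner in hosts.items():
        try:
            verdicts[host] = labels[affected_by_cve_2016_8610(banner)]
        except ValueError:
            verdicts[host] = "unknown"      # banner did not parse; look at the host manually
    return verdicts


# Constructed sample banners for illustration; these are not real hosts.
SAMPLE_HOSTS = {
    "web-1": "OpenSSL 1.0.2g  1 Mar 2016",
    "web-2": "OpenSSL 1.0.2j  26 Sep 2016",
    "api-1": "OpenSSL 1.1.0  25 Aug 2016",
    "api-2": "OpenSSL 1.1.0b  26 Sep 2016",
    "legacy": "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "old": "OpenSSL 1.0.0s",
}

if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_HOSTS).items()):
        print("%-8s %s" % (host, verdict))
```

The string comparison on the suffix is what makes 1.0.2h sort before 1.0.2i and a much later 1.0.2zh sort after it; a numeric or length-based comparison would get one of those wrong.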
[Repair recommendations]
Upgrade OpenSSL to 1.1.0b or 1.0.2j, the latest releases of the two maintained branches. Source packages can be downloaded from https://www.openssl.org/source/
[Reminder]: The 0.9.8 branch is no longer maintained and support for the 1.0.1 branch ends on 31 December 2016; the project will not publish patches for either afterwards. Switch to 1.1.0 or 1.0.2 as soon as possible so that future vulnerabilities on your systems can be patched promptly.
[Vulnerability references]
1) https://www.openssl.org/
2) https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401
3) https://access.redhat.com/security/cve/CVE-2016-8610/
4) http://seclists.org/oss-sec/2016/q4/224
    Download the latest 1.0.2 release from the official site (verify the tarball against the .sha256 or .asc file published beside it before building):
    https://www.openssl.org/source/
    wget https://www.openssl.org/source/openssl-1.0.2j.tar.gz
    Unpack, compile and install (a 1.0.2 source build installs under /usr/local/ssl by default):
    tar zxvf openssl-1.0.2j.tar.gz
    cd openssl-1.0.2j
    ./config shared zlib
    make
    make install
    Point the system's openssl binary and headers at the freshly built copies:
    rm -rf /usr/bin/openssl
    rm -rf /usr/include/openssl/
    ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
    ln -s /usr/local/ssl/include/openssl/ /usr/include/openssl
    Note that this swaps only the command-line tool and the headers. A running Nginx keeps the libssl/libcrypto it was started with until it is restarted, and if it was built against the distribution's libraries rather than /usr/local/ssl it will keep using them after a restart as well. On a package-managed system the cleaner fix is the vendor's patched openssl package, which also avoids leaving the openssl-devel/libssl-dev package with a deleted header directory.

Add the new library directory to the dynamic linker's search path (run ldconfig afterwards so the linker cache is rebuilt):
echo "/usr/local/ssl/lib/" >> /etc/ld.so.conf

Check the version after installation (`openssl version -a` also prints the build date, configure options and OPENSSLDIR, which confirms the binary in use is the one just built under /usr/local/ssl):
openssl version
openssl version -a
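The step in the procedure above that is easiest to get wrong is forgetting the processes that already have the old library mapped. The following Python scan (added here; not from the article) reads /proc/<pid>/maps and reports processes whose libssl/libcrypto does not live under /usr/local/ssl/lib, or whose mapped file is marked "(deleted)" because it was replaced on disk after the process started. The maps excerpts in the block are constructed; `scan_live_system()` reads the real /proc on Linux and sees other users' processes only when run as root. Statically linked binaries show no separate libssl mapping and have to be rebuilt to be checked.

```python
"""Find processes still mapping a libssl/libcrypto outside the freshly installed tree
(added example, not part of the original article).

Replacing /usr/bin/openssl does not touch a running service: it keeps the library it was
started with until restarted, and which library it picks up on restart depends on the
dynamic linker's search order, so verify after restarting as well.
"""
import os
import re

# libssl*.so* or libcrypto*.so*, optionally followed by the kernel's "(deleted)" marker
SSL_LIB_RE = re.compile(r"/lib(ssl|crypto)[^/\s]*\.so\S*( \(deleted\))?$")


def libs_from_maps(maps_text):
    """Paths of libssl/libcrypto objects mapped in one /proc/<pid>/maps listing."""
    found = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)          # address perms offset dev inode [pathname]
        if len(fields) == 6 and SSL_LIB_RE.search(fields[5]):
            found.add(fields[5])
    return found


def stale_processes(maps_by_pid, patched_dir="/usr/local/ssl/lib"):
    """{pid: [library paths]} for processes not running on the libraries under patched_dir.

    A mapping marked "(deleted)" is stale even under patched_dir: the file on disk was
    replaced after the process loaded it, so the process still runs the old code.
    """
    stale = {}
    for pid, maps_text in maps_by_pid.items():
        old = sorted(
            path for path in libs_from_maps(maps_text)
            if not path.startswith(patched_dir) or path.endswith("(deleted)")
        )
        if old:
            stale[pid] = old
    return stale


def scan_live_system(patched_dir="/usr/local/ssl/lib"):
    """Read every readable /proc/<pid>/maps (Linux only; run as root to see all processes)."""
    maps_by_pid = {}
    for pid in os.listdir("/proc"):
        if not pid.isdigit():
            continue
        try:
            with open("/proc/%s/maps" % pid) as handle:
                maps_by_pid[pid] = handle.read()
        except OSError:
            continue                          # process exited, or not ours to read
    return stale_processes(maps_by_pid, patched_dir)


# Constructed maps excerpts; addresses and inode numbers are made up.
NGINX_MAPS = """\
7f1c3a000000-7f1c3a1f0000 r-xp 00000000 08:01 131102  /lib/x86_64-linux-gnu/libc.so.6
7f1c3a400000-7f1c3a470000 r-xp 00000000 08:01 131250  /lib/x86_64-linux-gnu/libssl.so.1.0.0
7f1c3a700000-7f1c3a900000 r-xp 00000000 08:01 131251  /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
7ffd12345000-7ffd12366000 rw-p 00000000 00:00 0       [stack]
"""
REBUILT_MAPS = """\
7f9e00000000-7f9e00070000 r-xp 00000000 08:01 262144  /usr/local/ssl/lib/libssl.so.1.0.0
7f9e00200000-7f9e00400000 r-xp 00000000 08:01 262145  /usr/local/ssl/lib/libcrypto.so.1.0.0
"""
DELETED_MAPS = """\
7fab00000000-7fab00070000 r-xp 00000000 08:01 262100  /usr/local/ssl/lib/libssl.so.1.0.0 (deleted)
7fab00200000-7fab00400000 r-xp 00000000 08:01 262145  /usr/local/ssl/lib/libcrypto.so.1.0.0
"""

if __name__ == "__main__":
    print(stale_processes({"1234": NGINX_MAPS, "5678": REBUILT_MAPS, "9012": DELETED_MAPS}))
```

Run it once before the upgrade to get the baseline of which processes use which libssl, and once after restarting the services; anything still reported needs a restart, a rebuild, or a relink.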
