2015-03-24 - OpenSSL Vulnerabilities
OpenSSL 1.0.2 introduced the “multiblock” performance improvement. This feature only applies on 64 bit x86 architecture platforms that support AES NI instructions. A defect in the implementation of “multiblock” can cause a segmentation fault within OpenSSL, thus enabling a potential DoS attack.
This issue affects OpenSSL version: 1.0.2
Action
xCAT uses OpenSSL for client-server communication but does not ship it. Upgrade OpenSSL to 1.0.2a or higher.