Security Bulletin: OpenSSL 1.0.2 and 1.0.1 vulnerabilities (CVE-2016-0701 and CVE-2015-3197)

Summary

Aspera software is not affected by vulnerabilities found in two versions of OpenSSL.

OpenSSL 1.0.2 has been found to contain vulnerabilities due to the use of unsafe primes in X9.42 style parameter files. Both OpenSSL 1.0.2 and 1.0.1 have been found to contain vulnerabilities in SSLv2 ciphers that have been disabled on a server.

It has been recommended to upgrade:

  • OpenSSL 1.0.2 to 1.0.2f
  • OpenSSL 1.0.1 to 1.0.1r

Impact

Aspera products are not exposed to these vulnerabilities. SSLv2 support has been disabled completely for Enterprise Server since version 3.5.4.

Have more questions? Submit a request

0 Comments

Article is closed for comments.
Powered by Zendesk