Aspera software is not affected by vulnerabilities found in two versions of OpenSSL.
OpenSSL 1.0.2 has been found to contain vulnerabilities due to the use of unsafe primes in X9.42 style parameter files. Both OpenSSL 1.0.2 and 1.0.1 have been found to contain vulnerabilities in SSLv2 ciphers that have been disabled on a server.
It has been recommended to upgrade:
- OpenSSL 1.0.2 to 1.0.2f
- OpenSSL 1.0.1 to 1.0.1r
Aspera products are not exposed to these vulnerabilities. SSLv2 support has been disabled completely for Enterprise Server since version 3.5.4.