06-17-2015 06:15 AM
Hi, does anyone know what we can do to mitigate this:
Found this:
http://www.symantec.com/connect/blogs/new-openssl-vulnerability-could-facilitate-dos-attacks
…which links to this Poodle article:
http://www.symantec.com/connect/blogs/poodle-vulnerability-old-version-ssl-represents-new-threat
…the POODLE wiki page:
https://en.wikipedia.org/wiki/POODLE#External_links
…the US-Cert page re POODLE:
https://www.us-cert.gov/ncas/alerts/TA14-290A
…the OpenSSL Org related advisory:
https://www.openssl.org/news/secadv_20141015.txt
…which suggests that users of SSLv3 should upgrade:
OpenSSL 1.0.1 users should upgrade to 1.0.1j. OpenSSL 1.0.0 users should upgrade to 1.0.0o. OpenSSL 0.9.8 users should upgrade to 0.9.8zc.
The Symantec N5230 Appliance running Appliance v2.6.1.2, reports its OpenSSL version as:
my-appliance:/home/maintenance # openssl version OpenSSL 0.9.8j-fips 07 Jan 2009
.
Is there an official statement re appliances?
Thanks.
Solved! Go to Solution.
06-17-2015 01:56 PM
I do believe this is the statement.
06-17-2015 07:24 AM
HI Man!
Raise it with Symantec! They are the right people to comment on this.
06-17-2015 01:56 PM
I do believe this is the statement.
06-18-2015 01:04 AM
Thanks again.