Dear Zen Master,
Yesterday 3rd of May, it was released a set of OpenSSL vulnerabilities (2 of them with high severity) where a Man In The Middle attack could decrypt traffic when the SSL connection uses certain ciphers. More information here.
In detail, the vulnerabilities released and checked for Zen Load Balancer Editions are:
- Memory corruption in the ASN.1 encoder (CVE-2016-2108) – Severity High
- Padding oracle in AES-NI CBC MAC check (CVE-2016-2107) – Severity High
- EVP_EncodeUpdate overflow (CVE-2016-2105) – Severity Low
- EVP_EncryptUpdate overflow (CVE-2016-2106) – Severity Low
- ASN.1 BIO excessive memory allocation (CVE-2016-2109) – Severity Low
- EBCDIC overread (CVE-2016-2176) – Severity Low
Zen Load Balancer Enterprise & Community Editions needs the OpenSSL updates that we provide with any of our Support Plans. Please contact with us for any doubt.
Enjoy a secured Load Balancing!
Related Blogs
Posted by zenweb | 19 April 2018
Microsoft Active Directory Federation Services is a key service in any corporation where this service is implemented. This new article details what is exactly ADFS and explain how it works,…
Posted by zenweb | 04 April 2018
This article opens a new knowledge base article series of high availability configurations for several Microsoft solutions. This time, we explain how to setup a highly available and enhanced security…
Posted by zenweb | 27 February 2018
The Zevenet Team is proud to announce the new layer 4 core named nftlb which stands for nftables load balancer, as it's based on the next generation linux kernel nftables…