Dear Zen Master,
Yesterday 3rd of May, it was released a set of OpenSSL vulnerabilities (2 of them with high severity) where a Man In The Middle attack could decrypt traffic when the SSL connection uses certain ciphers. More information here.
In detail, the vulnerabilities released and checked for Zen Load Balancer Editions are:
- Memory corruption in the ASN.1 encoder (CVE-2016-2108) – Severity High
- Padding oracle in AES-NI CBC MAC check (CVE-2016-2107) – Severity High
- EVP_EncodeUpdate overflow (CVE-2016-2105) – Severity Low
- EVP_EncryptUpdate overflow (CVE-2016-2106) – Severity Low
- ASN.1 BIO excessive memory allocation (CVE-2016-2109) – Severity Low
- EBCDIC overread (CVE-2016-2176) – Severity Low
Zen Load Balancer Enterprise & Community Editions needs the OpenSSL updates that we provide with any of our Support Plans. Please contact with us for any doubt.
Enjoy a secured Load Balancing!
Related Blogs
Posted by zenweb | 18 March 2020
Did you know that ZEVENET implements different techniques to provide higher performance and high scale for non-connection oriented and real-time services like UDP (User Datagram Protocol), SIP (Session Initiation Protocol),…
94 LikesComments Off on Delivering the best continuity for non-connection oriented services
Posted by zenweb | 12 March 2020
At ZEVENET, we've been always available and mobilized under social security of every kind in order to take advantage of our expertise to support the business continuity of different sectors…
81 LikesComments Off on Supporting Continuity of Health Care Sector against Coronavirus
Posted by zenweb | 28 January 2020
The Zevenet development Roadmap for 2020 has been compiled and we can't wait to start with the new awesome challenges! The forecast for the following 3 years includes the development…
94 LikesComments Off on Zevenet Roadmap 2020