Dear Zen Master,
Yesterday 3rd of May, it was released a set of OpenSSL vulnerabilities (2 of them with high severity) where a Man In The Middle attack could decrypt traffic when the SSL connection uses certain ciphers. More information here.
In detail, the vulnerabilities released and checked for Zen Load Balancer Editions are:
- Memory corruption in the ASN.1 encoder (CVE-2016-2108) – Severity High
- Padding oracle in AES-NI CBC MAC check (CVE-2016-2107) – Severity High
- EVP_EncodeUpdate overflow (CVE-2016-2105) – Severity Low
- EVP_EncryptUpdate overflow (CVE-2016-2106) – Severity Low
- ASN.1 BIO excessive memory allocation (CVE-2016-2109) – Severity Low
- EBCDIC overread (CVE-2016-2176) – Severity Low
Zen Load Balancer Enterprise & Community Editions needs the OpenSSL updates that we provide with any of our Support Plans. Please contact with us for any doubt.
Enjoy a secured Load Balancing!
Related Blogs
Posted by zenweb | 02 August 2018
Following our Microsoft technical articles series, we've published how to load balance NTLM authentication based web applications dedicated to layer 4 but also layer 7 advanced options. Firstly, we explain…
Posted by zenweb | 05 July 2018
Zevenet Team is proud to announce the release 5.0.1 which is mainly based on some improvements and bugfixes that shows a very stable software. Some of the more important changes…
Posted by zenweb | 02 July 2018
ZVNcloud, the Zevenet load balancer as a Service platform, is upgrading resources in all their cloud plans. With this resources improvement, all users are going to enjoy more resources at…