ZenLB Security Advisory for OpenSSL 3rdMay vulnerabilities

Zen-load-balancer-Security-advisory
Posted by Zevenet | 4 May, 2016 | Announces, Technical

Dear Zen Master,

Yesterday 3rd of May, it was released a set of OpenSSL vulnerabilities (2 of them with high severity) where a Man In The Middle attack could decrypt traffic when the SSL connection uses certain ciphers. More information here.

ZSecAdv OpenSSL 3rd May

In detail, the vulnerabilities released and checked for Zen Load Balancer Editions are:

  • Memory corruption in the ASN.1 encoder (CVE-2016-2108) – Severity High
  • Padding oracle in AES-NI CBC MAC check (CVE-2016-2107) – Severity High
  • EVP_EncodeUpdate overflow (CVE-2016-2105) – Severity Low
  • EVP_EncryptUpdate overflow (CVE-2016-2106) – Severity Low
  • ASN.1 BIO excessive memory allocation (CVE-2016-2109) – Severity Low
  • EBCDIC overread (CVE-2016-2176) – Severity Low

Zen Load Balancer Enterprise & Community Editions needs the OpenSSL updates that we provide with any of our Support Plans. Please contact with us for any doubt.

Enjoy a secured Load Balancing!

SHARE ON:

Related Blogs

Posted by zenweb | 22 November 2018
Zevenet is proud to attend the Cybercamp 2018 that will take place in Málaga (south Spain) the next 29th of November to 2nd of December. There, the team will be…
3 LikesComments Off on Zevenet at Cybercamp 2018
Posted by zenweb | 13 November 2018
This week, a new article is available in the howto section of the Knowledge Base. FileCloud enables a private cloud that makes your files accessible from any device from anywhere,…
3 LikesComments Off on FileCloud load balancing article
Posted by zenweb | 07 November 2018
Black Friday is great for online shopping and could be a nightmare for retailers, logistics and payment gateways sysadmins, devops and site reliability engineers due to the increase of usual…
5 LikesComments Off on Black Friday Campaign has been launched