Dear Zen Master,
Yesterday 3rd of May, it was released a set of OpenSSL vulnerabilities (2 of them with high severity) where a Man In The Middle attack could decrypt traffic when the SSL connection uses certain ciphers. More information here.
In detail, the vulnerabilities released and checked for Zen Load Balancer Editions are:
- Memory corruption in the ASN.1 encoder (CVE-2016-2108) – Severity High
- Padding oracle in AES-NI CBC MAC check (CVE-2016-2107) – Severity High
- EVP_EncodeUpdate overflow (CVE-2016-2105) – Severity Low
- EVP_EncryptUpdate overflow (CVE-2016-2106) – Severity Low
- ASN.1 BIO excessive memory allocation (CVE-2016-2109) – Severity Low
- EBCDIC overread (CVE-2016-2176) – Severity Low
Zen Load Balancer Enterprise & Community Editions needs the OpenSSL updates that we provide with any of our Support Plans. Please contact with us for any doubt.
Enjoy a secured Load Balancing!
Related Blogs
Posted by zenweb | 05 April 2019
We're glad to announce that a new community Edition ISO has been released in order to fix some small nitpicks related with the installation process in Hyper-V and Openstack. Don't…
4 LikesComments Off on New Community Edition ISO 5.9.1 available!
Posted by zenweb | 28 March 2019
This edition of the Netdev Conference 0x13 has been driven by a great organization and the high quality of the talks and open discussions. The broad variety of companies, technologies…
1 LikesComments Off on Lessons learned from Netdev Conference 0x13 in Prague
Posted by zenweb | 08 March 2019
Zevenet is proud to present the definitive guide of SIP proxy load balancing to build scalable VoIP scalability, highly available and with enhanced security. In addition, advanced health check to…
9 LikesComments Off on The definitive guide of SIP and PBX services at scale