ZenLB Security Advisory for OpenSSL 3rdMay vulnerabilities

Zen-load-balancer-Security-advisory
Posted by Zevenet | 4 May, 2016 | Announces, Technical

Dear Zen Master,

Yesterday 3rd of May, it was released a set of OpenSSL vulnerabilities (2 of them with high severity) where a Man In The Middle attack could decrypt traffic when the SSL connection uses certain ciphers. More information here.

ZSecAdv OpenSSL 3rd May

In detail, the vulnerabilities released and checked for Zen Load Balancer Editions are:

  • Memory corruption in the ASN.1 encoder (CVE-2016-2108) – Severity High
  • Padding oracle in AES-NI CBC MAC check (CVE-2016-2107) – Severity High
  • EVP_EncodeUpdate overflow (CVE-2016-2105) – Severity Low
  • EVP_EncryptUpdate overflow (CVE-2016-2106) – Severity Low
  • ASN.1 BIO excessive memory allocation (CVE-2016-2109) – Severity Low
  • EBCDIC overread (CVE-2016-2176) – Severity Low

Zen Load Balancer Enterprise & Community Editions needs the OpenSSL updates that we provide with any of our Support Plans. Please contact with us for any doubt.

Enjoy a secured Load Balancing!

SHARE ON:

Related Blogs

Posted by zenweb | 18 January 2018
Global Service Load Balancing, as well known as GSLB, is a load balancing technique that permits to build fault tolerance, automatic disaster recovery, load balancing across WAN servers and improved…
Posted by zenweb | 10 January 2018
The ZEVENET Team has compiled a very challenger development roadmap for the new year 2018. All these new developments will setup and consolidate Zevenet as a reference within the Application…
Posted by zenweb | 19 December 2017
Usually, during an infrastructure design it's required to study the requirements of the services and estimate the resources needed to avoid oversizing or undersizing the platform, but even we need…