Dear Zen Master,
Yesterday 3rd of May, it was released a set of OpenSSL vulnerabilities (2 of them with high severity) where a Man In The Middle attack could decrypt traffic when the SSL connection uses certain ciphers. More information here.
In detail, the vulnerabilities released and checked for Zen Load Balancer Editions are:
- Memory corruption in the ASN.1 encoder (CVE-2016-2108) – Severity High
- Padding oracle in AES-NI CBC MAC check (CVE-2016-2107) – Severity High
- EVP_EncodeUpdate overflow (CVE-2016-2105) – Severity Low
- EVP_EncryptUpdate overflow (CVE-2016-2106) – Severity Low
- ASN.1 BIO excessive memory allocation (CVE-2016-2109) – Severity Low
- EBCDIC overread (CVE-2016-2176) – Severity Low
Zen Load Balancer Enterprise & Community Editions needs the OpenSSL updates that we provide with any of our Support Plans. Please contact with us for any doubt.
Enjoy a secured Load Balancing!
Related Blogs
Posted by zenweb | 22 August 2017
Since January 2017, that we launched the new brand Zevenet (after a long way with the Zen Load Balancer project), we redesigned the Partnership Program as a path to spread…
Posted by zenweb | 18 April 2017
Netdev Conf is a community-driven conference dedicated to technical Linux networking where the most important and relevant contributors, maintainers and open source supported companies meet together to present the brand…
Posted by zenweb | 01 December 2016
At Zevenet we acknowledge the relevance of educating our future engineers in the Open Source way of thinking, way of developing. Therefore we found really interesting supporting the “Concurso Universitario…