ZenLB Security Advisory for OpenSSL 3rdMay vulnerabilities

Zen-load-balancer-Security-advisory
Posted by Zevenet | 4 May, 2016 | Announces, Technical

Dear Zen Master,

Yesterday 3rd of May, it was released a set of OpenSSL vulnerabilities (2 of them with high severity) where a Man In The Middle attack could decrypt traffic when the SSL connection uses certain ciphers. More information here.

ZSecAdv OpenSSL 3rd May

In detail, the vulnerabilities released and checked for Zen Load Balancer Editions are:

  • Memory corruption in the ASN.1 encoder (CVE-2016-2108) – Severity High
  • Padding oracle in AES-NI CBC MAC check (CVE-2016-2107) – Severity High
  • EVP_EncodeUpdate overflow (CVE-2016-2105) – Severity Low
  • EVP_EncryptUpdate overflow (CVE-2016-2106) – Severity Low
  • ASN.1 BIO excessive memory allocation (CVE-2016-2109) – Severity Low
  • EBCDIC overread (CVE-2016-2176) – Severity Low

Zen Load Balancer Enterprise & Community Editions needs the OpenSSL updates that we provide with any of our Support Plans. Please contact with us for any doubt.

Enjoy a secured Load Balancing!

SHARE ON:

Related Blogs

Posted by zenweb | 06 June 2019
We are proud to announce the brand new Zevenet 6 Enterprise Edition release that is available for evaluation. New features are: New layer 4 core technology (nftlb) that permits 10x…
20 LikesComments Off on Zevenet 6 released
Posted by zenweb | 05 April 2019
We're glad to announce that a new community Edition ISO has been released in order to fix some small nitpicks related with the installation process in Hyper-V and Openstack. Don't…
25 LikesComments Off on New Community Edition ISO 5.9.1 available!
Posted by zenweb | 28 March 2019
This edition of the Netdev Conference 0x13 has been driven by a great organization and the high quality of the talks and open discussions. The broad variety of companies, technologies…
17 LikesComments Off on Lessons learned from Netdev Conference 0x13 in Prague