Dear Zen Master,
Yesterday 3rd of May, it was released a set of OpenSSL vulnerabilities (2 of them with high severity) where a Man In The Middle attack could decrypt traffic when the SSL connection uses certain ciphers. More information here.
In detail, the vulnerabilities released and checked for Zen Load Balancer Editions are:
- Memory corruption in the ASN.1 encoder (CVE-2016-2108) – Severity High
- Padding oracle in AES-NI CBC MAC check (CVE-2016-2107) – Severity High
- EVP_EncodeUpdate overflow (CVE-2016-2105) – Severity Low
- EVP_EncryptUpdate overflow (CVE-2016-2106) – Severity Low
- ASN.1 BIO excessive memory allocation (CVE-2016-2109) – Severity Low
- EBCDIC overread (CVE-2016-2176) – Severity Low
Zen Load Balancer Enterprise & Community Editions needs the OpenSSL updates that we provide with any of our Support Plans. Please contact with us for any doubt.
Enjoy a secured Load Balancing!
Related Blogs
Posted by zenweb | 13 June 2018
The new release is launched! This major release includes great new expected features like IPv6, network and backend aliases, Role-based Access Control to enable multi-tenancy and user level isolation functions,…
Posted by zenweb | 07 June 2018
User experience doesn't have to be a limitation to access to high technology. For that reason at Zevenet we take care usability and management easiness to provide cutting edge networking…
Posted by zenweb | 30 May 2018
Load Balancers are a key device in our infrastructure as they are used to distribute traffic across different networks, they are the entry point of applications and even of a…