ZenLB Security Advisory for OpenSSL 3rdMay vulnerabilities

Zen-load-balancer-Security-advisory
Posted by Zevenet | 4 May, 2016 | Announces, Technical

Dear Zen Master,

Yesterday 3rd of May, it was released a set of OpenSSL vulnerabilities (2 of them with high severity) where a Man In The Middle attack could decrypt traffic when the SSL connection uses certain ciphers. More information here.

ZSecAdv OpenSSL 3rd May

In detail, the vulnerabilities released and checked for Zen Load Balancer Editions are:

  • Memory corruption in the ASN.1 encoder (CVE-2016-2108) – Severity High
  • Padding oracle in AES-NI CBC MAC check (CVE-2016-2107) – Severity High
  • EVP_EncodeUpdate overflow (CVE-2016-2105) – Severity Low
  • EVP_EncryptUpdate overflow (CVE-2016-2106) – Severity Low
  • ASN.1 BIO excessive memory allocation (CVE-2016-2109) – Severity Low
  • EBCDIC overread (CVE-2016-2176) – Severity Low

Zen Load Balancer Enterprise & Community Editions needs the OpenSSL updates that we provide with any of our Support Plans. Please contact with us for any doubt.

Enjoy a secured Load Balancing!

SHARE ON:

Related Blogs

Posted by zenweb | 01 September 2022
Load balancing is common in the computing world. It came about due to users wanting content quickly. This meant that high‑traffic websites that get millions of user requests had to…
442 LikesComments Off on How load balancing works
Posted by zenweb | 30 August 2022
Healthcare is highly vulnerable to security threats, just like any other industry. Nowadays, cyberattacks in healthcare are very common leading to a lot of risks, specifically security risks to be…
451 LikesComments Off on The Importance of Cybersecurity Frameworks in Healthcare
Posted by zenweb | 02 August 2022
7 Reasons ZEVENET is the best Load Balancing software in 2022 Load balancing solution is no longer what it used to be in the past. As technology improves, threats also…
465 LikesComments Off on 7 Reasons ZEVENET is the best Load Balancing software in 2022