Article ID: 100015025
Resolution
Veritas Backup Exec is not affected by these vulnerabilities.
It doesn't run any OpenSSL versions that are susceptible to these vulnerabilities.
Issue/Introduction
The OpenSSL project issued a security advisory and released critical updates to patch several vulnerabilities on 8 January 2015.
The vulnerabilities are listed below; the details are described in the OpenSSL Security Advisory:
https://www.openssl.org/news/secadv_20150108.txt
- DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)
- DTLS memory leak in dtls1_buffer_record (CVE-2015-0206)
- no-ssl3 configuration sets method to NULL (CVE-2014-3569)
- ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)
- RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
- DH client certificates accepted without verification [Server] (CVE-2015-0205)
- Certificate fingerprints can be modified (CVE-2014-8275)
- Bignum squaring may produce incorrect results (CVE-2014-3570)