OpenSSL Vulnerabilities Fixed in Version 1.0.1u and 1.0.2i

IDs: 
CVE-2016-6304, CVE-2016-6305, CVE-2016-2183, CVE-2016-6303, CVE-2016-6302, CVE-2016-2182, CVE-2016-2180, CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2181, CVE-2016-6306, CVE-2016-6307, CVE-2016-6308
Keywords: 
OpenSSL, OCSP
Description: 

OpenSSL released a security advisory on September 22, 2016, describing several vulnerabilities fixed in the newest releases [1].

Most of the vulnerabilities are rated low severity. One vulnerability, CVE-2016-6304, is rated high severity [2]. Denial of service may be possible by sending an excessively large OCSP Status Request extension and continually triggering renegotiation. Airlock WAF is affected, even if OCSP is not enabled.

Resolution: 

Hotfixes are available for Airlock WAF 5.3.1 and 6.0 to update OpenSSL to version 1.0.1u and 1.0.2i (for version 6.0). The criticality of the hotfixes is high.
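
The following added example (not code from Airlock or the OpenSSL project) classifies the text printed by `openssl version` against the fixed releases named above. The function names and status labels are hypothetical, it assumes upstream-style version strings, and it only judges the 1.0.1 and 1.0.2 branches that this advisory mentions.

```python
import re

# Fixed releases named in the advisory above, keyed by OpenSSL branch.
FIXED = {"1.0.1": "u", "1.0.2": "i"}

# Matches the upstream "x.y.z[letters]" form, e.g. 1.0.1t or 0.9.8zh.
_VERSION_RE = re.compile(r"\b(\d+\.\d+\.\d+)([a-z]*)\b")


def parse_version(banner):
    """Return (branch, patch_letters) from `openssl version` style text."""
    match = _VERSION_RE.search(banner)
    if match is None:
        raise ValueError("no OpenSSL version found in %r" % banner)
    return match.group(1), match.group(2)


def patch_key(letters):
    """Order patch letters: '' < 'a' < ... < 'z' < 'za' < 'zb'."""
    return (len(letters), letters)


def status(banner):
    """Classify a banner; the labels are this example's own (hypothetical)."""
    branch, letters = parse_version(banner)
    fixed = FIXED.get(branch)
    if fixed is None:
        return "not-covered"  # branch is not named in this advisory
    if patch_key(letters) >= patch_key(fixed):
        return "fixed"
    return "needs-update"


if __name__ == "__main__":
    # Constructed sample banners, not captured from any real system.
    samples = [
        "OpenSSL 1.0.1t  3 May 2016",
        "OpenSSL 1.0.1u  22 Sep 2016",
        "OpenSSL 1.0.2h  3 May 2016",
        "OpenSSL 1.0.2i  22 Sep 2016",
        "OpenSSL 1.0.1e-fips 11 Feb 2013",
    ]
    for banner in samples:
        print("%-14s %s" % (status(banner), banner))
```

Distribution packages often backport fixes without changing the version letter, so a `needs-update` result on a vendor build should be confirmed against that vendor's package changelog.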

Component: 
Airlock
Airlock Vulnerability Status: 
Airlock vulnerable, see resolution
Back-end Vulnerability Status: 
No action required