Dear Zen Master,
Yesterday 3rd of May, it was released a set of OpenSSL vulnerabilities (2 of them with high severity) where a Man In The Middle attack could decrypt traffic when the SSL connection uses certain ciphers. More information here.
In detail, the vulnerabilities released and checked for Zen Load Balancer Editions are:
- Memory corruption in the ASN.1 encoder (CVE-2016-2108) – Severity High
- Padding oracle in AES-NI CBC MAC check (CVE-2016-2107) – Severity High
- EVP_EncodeUpdate overflow (CVE-2016-2105) – Severity Low
- EVP_EncryptUpdate overflow (CVE-2016-2106) – Severity Low
- ASN.1 BIO excessive memory allocation (CVE-2016-2109) – Severity Low
- EBCDIC overread (CVE-2016-2176) – Severity Low
Zen Load Balancer Enterprise & Community Editions needs the OpenSSL updates that we provide with any of our Support Plans. Please contact with us for any doubt.
Enjoy a secured Load Balancing!
Related Blogs
Posted by reluser | 26 July 2024
The Netdev 0x18 Conference, held from July 15th to 19th, 2024, in Santa Clara, California, brought together leading minds in Linux networking for a week of insightful presentations, technical sessions,…
4 LikesComments Off on Netdev Conference 0x18: A Deep Dive into the Future of Linux Networking
Posted by reluser | 16 July 2024
We are thrilled to announce the release of RELIANOID Load Balancer Community Edition (CE) version 7.3, now based on the robust Debian 12.6 (codename "bookworm"). This new version brings a…
21 LikesComments Off on Release Notes: RELIANOID Load Balancer Community Edition v7.3
Posted by reluser | 01 July 2024
The past twelve months have been a transformative journey for RELIANOID, marked by innovation, expansion, and remarkable achievements. As a company with over 15 years of experience in developing top-tier…
34 LikesComments Off on RELIANOID: A Year of Transformation and Growth