Is Symantec Encryption Management Server vulnerable to the OpenSSL "Heartbleed" attack (CVE-2014-0160)?

Article:TECH216516  |  Created: 2014-04-09  |  Updated: 2014-04-10  |  Article URL http://www.symantec.com/docs/TECH216516
Article Type
Technical Solution


Issue



Only OpenSSL versions 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1) are affected by the "Heartbleed" bug (CVE-2014-0160). Versions below 1.0.1 (such as 0.9.8) are not affected.

See https://www.openssl.org/news/secadv_20140407.txt for more information.


Solution



Symantec Encryption Management Server includes the openssl package with version 0.9.8 which is not vulnerable to this attack.




Article URL http://www.symantec.com/docs/TECH216516


Terms of use for this information are found in Legal Notices