Is Symantec Encryption Management Server vulnerable to the OpenSSL "Heartbleed" attack (CVE-2014-0160)?
|Article:TECH216516|||||Created: 2014-04-09|||||Updated: 2014-04-10|||||Article URL http://www.symantec.com/docs/TECH216516|
Only OpenSSL versions 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1) are affected by the "Heartbleed" bug (CVE-2014-0160). Versions below 1.0.1 (such as 0.9.8) are not affected.
See https://www.openssl.org/news/secadv_20140407.txt for more information.
Symantec Encryption Management Server includes the openssl package with version 0.9.8 which is not vulnerable to this attack.
Article URL http://www.symantec.com/docs/TECH216516