Is Symantec System Recovery affected by the OpenSSL vulnerability (CVE-2014-0224)?
|Article:TECH218175|||||Created: 2014-06-09|||||Updated: 2014-07-15|||||Article URL http://www.symantec.com/docs/TECH218175|
A security vulnerability has been detected in specific versions of OpenSSL. For more information regarding this vulnerability, please refer to the following link:
Backup Exec System Recovery (BESR) or Symanetc System Recovery (SSR) uses VMWare Virtual Disk Development Kit for Physical to Virtual conversion (P2V) which makes use of OpenSSL. All functions except P2V such as Backup/Restore are not impacted by the OpenSSL vulnerability as it does not rely on OpenSSL encryption. Also P2V function is not impacted by the OpenSSL vulnerability after ESXi server is patched with ESXi510-201406401-SG for ESXi 5.1 or ESXi500-201407401-SG for ESXi 5.0.
Similarly the BESR Management Solution (BESR-MS) or SSR Management Solution (SSR-MS) is not impacted by the OpenSSL vulnerability after ESXi server is patched with ESXi510-201406401-SG for ESXi 5.1 or ESXi500-201407401-SG for ESXi 5.0.
Article URL http://www.symantec.com/docs/TECH218175