File Share Encryption

 View Only

  • 1.  Is PGP Universal 3.3.2 MP6 affected by GHOST vulnerability?

    Posted Feb 24, 2015 01:16 PM

    We have PGP Universal 3.3.2 MP6 running on a VM with Linux. It was created using a Symantec product image. Is this configuration affected by the recently released GHOST vulnerability? (CVE-2015-0235).



  • 2.  RE: Is PGP Universal 3.3.2 MP6 affected by GHOST vulnerability?

    Posted Feb 24, 2015 03:34 PM

    The development and security teams here at Symantec have been working on testing this issue, and so far, while we do use a vulnerable version of glibc, we do not appear to be vulnerable to remote unauthenticated attackers.  Until their official response, that is the best information I can provide.

    When an official statement comes out, I will try to post it here.  I would also like to note that the version of glibc should be updated in our next release, 3.3.2 mp8.
     



  • 3.  RE: Is PGP Universal 3.3.2 MP6 affected by GHOST vulnerability?

    Posted Feb 25, 2015 10:40 AM

    Greetings,

     

    When do you anticipate that 3.3.2 mp8 will be available?

     

    Regards,

    Tim Cline

     

    Tim Cline

    Information Security Specialist

    Information Security Office / Information Technology Services

    The University of North Carolina at Chapel Hill

    (919) 445-9388

    Tim_Cline@unc.edu

     



  • 4.  RE: Is PGP Universal 3.3.2 MP6 affected by GHOST vulnerability?

    Posted Feb 25, 2015 04:14 PM

    This was just created today in response to GHOST:
    http://www.symantec.com/docs/TECH228598

    Mp8 should release some time in April 2015 pending QA testing.