KB Article #176753
8 JAN 2015 OpenSSL Security Advisory Effects on Validation Authority, Desktop Validator & Server Validator
Problem
-- An IAVA was issued regarding the 8 JAN 2015 OpenSSL advisory and you need to know whether or not your version of VA, SV or DV is affected.Resolution
* The 8 JAN 2015 advisory listed 8 CVEs: CVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572, CVE-2015-0204, CVE-2015-0205, CVE-2014-8275 and CVE-2014-3570. Of these, we believe that all three products are impacted by the low-severity issues CVE-2014-3572 and CVE-2015-0204. Additionally, VA server is believed to be impacted by two more low-severity issues: CVE-2015-0205 and CVE-2014-3570.
We will release service packs containing updated versions of OpenSSL to address this issue.