KB Article #177571

VA and the OpenSSL Security Advisory [3 Dec 2015]

Problem

* OpenSSL has released the OpenSSL Security Advisory [3 Dec 2015] which has two CVEs listed as affecting OpenSSL 1.0.0s: CVE-2015-3195 and CVE-2015-3196. DV 4.11.2 SP5, DV 4.12.0 SP4, VA 4.11.2 SP7 and VA 4.12.0 SP6 all use OpenSSL 1.0.0s.

Resolution

-- Axway is aware of the security advisory and is currently assessing the impact. We normally update OpenSSL in the next SP after the advisories are issued if an impact is found. This article will be updated as more information becomes available.