Reset Search



JSA10427 - 2010-03 Security Bulletin: Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) products - OpenSSL

« Go Back


Product AffectedPCS: SA 500, SA 700, SA 1000, SA 2000, SA 2500, SA 3000, SA 4000, SA 4500, SA 5000, SA 6000, SA6500, SA 3000 FIPS, SA 5000 FIPS, SA 4000 FIPS, SA 6000 FIPS, SA 4500 FIPS, SA 6500 FIPS

IC: IC4000, IC4500, IC6000, IC6500, IC 6500 FIPS

This Security Bulletin addresses security flaws that have been fixed in OpenSSL 0.9.8k:
- ASN1 printing crash

Two additional issues were addressed by OpenSSL in 0.9.8k however they are not applicable to the PCS or PPS.

This issue is associated with CVE-2009-0590.

An upgrade is recommended to the following or later releases:
- PCS: 6.0R12; 6.1R8; 6.2R6; 6.3R5; 6.4R2; 6.5R1
- PPS: 3.0R2; 3.1R1

There are no known workarounds for this issue.
Related Links
Patched Software Release Service Packages are available at Pulse Secure Licensing and Download Center: Documentation links to the relevant software’s are also available at Pulse Secure Licensing and Download Center.

OpenSSL Bulletin
KB 16613 - Pulse Secure SIRT's Regularly-Scheduled Security Bulletin Publication Process
CVSS Score5.0
Risk AssessmentThis is a moderate severity security flaw. Customers should upgrade.

Information for how Pulse Secure uses CVSS can be found at KB16446 "Common Vulnerability Scoring System (CVSS) and Pulse Secure's Security Advisories."
Alert TypePSN - Product Support Notification
Risk LevelMedium
Attachment 1 
Attachment 2 
Legacy IDPSN-2010-02-659, JSA10427



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255