Reset Search
 

 

Article

JSA10427 - 2010-03 Security Bulletin: Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) products - OpenSSL

« Go Back

Information

 
Product AffectedPCS: SA 500, SA 700, SA 1000, SA 2000, SA 2500, SA 3000, SA 4000, SA 4500, SA 5000, SA 6000, SA6500, SA 3000 FIPS, SA 5000 FIPS, SA 4000 FIPS, SA 6000 FIPS, SA 4500 FIPS, SA 6500 FIPS

IC: IC4000, IC4500, IC6000, IC6500, IC 6500 FIPS
Problem

This Security Bulletin addresses security flaws that have been fixed in OpenSSL 0.9.8k:
- ASN1 printing crash

Two additional issues were addressed by OpenSSL in 0.9.8k however they are not applicable to the PCS or PPS.

This issue is associated with CVE-2009-0590.
Solution

An upgrade is recommended to the following or later releases:
- PCS: 6.0R12; 6.1R8; 6.2R6; 6.3R5; 6.4R2; 6.5R1
- PPS: 3.0R2; 3.1R1

There are no known workarounds for this issue.
Workaround
Implementation
Related Links
Patched Software Release Service Packages are available at Pulse Secure Licensing and Download Center: https://my.pulsesecure.net. Documentation links to the relevant software’s are also available at Pulse Secure Licensing and Download Center.

OpenSSL Bulletin
KB 16613 - Pulse Secure SIRT's Regularly-Scheduled Security Bulletin Publication Process
CVSS Score5.0
Risk AssessmentThis is a moderate severity security flaw. Customers should upgrade.

Information for how Pulse Secure uses CVSS can be found at KB16446 "Common Vulnerability Scoring System (CVSS) and Pulse Secure's Security Advisories."
Acknowledgements
Alert TypePSN - Product Support Notification
Risk LevelMedium
Attachment 1 
Attachment 2 
Legacy IDPSN-2010-02-659, JSA10427

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255