Pulse Secure has completed our investigation. We were able to determine the following products are not affected:
- Pulse Secure (Desktop) client (Windows / Mac OS X)
- Network Connect (Windows / Mac OS X)
- Pulse Mobile (Android / iOS)
Below are the affected products and the release versions:
Pulse Connect SecureOnly 8.1RX, 8.2RX and above are vulnerable. Previous versions are not vulnerable. This issue will be resolved in:
Pulse Policy SecureOnly 5.1RX, 5.2RX, 5.3RX and above are vulnerable. Previous versions are not vulnerable. This issue will be resolved in:
Linux Network ConnectUsers should update the affected glibc packages provided by their Linux distro. The Network Connect client itself is not vulnerable as we utilize the system's glibc libraries.
Pulse One/WorkSpacesUnder investigation
Document History:February 25, 2016 - Added applicable versions for PCS and PPS and tentative release dates.
April 7, 2016 - Updated tentative date for PPS 5.2R6