Reset Search
 

 
Article

SA40384 - November 11, 2016 OpenSSL Security Advisory

Printable View
« Go Back

Information

 
Product Affected
Problem
On November 11, 2016 the OpenSSL project announced a group of new security vulnerabilities. Pulse Secure evaluates all current supported versions of Pulse Secure products. For a list of currently supported software versions, please refer to our EOL policy.

The OpenSSL advisory can be found at the following link: https://www.openssl.org/news/changelog.html.
Solution
All supported Pulse Secure products were evaluated and found not vulnerable to the following CVE's:
  • ChaCha20/Poly1305 heap-buffer-overflow (CVE-2016-7054)
  • CMS Null dereference (CVE-2016-7053)
  • Montgomery multiplication may produce incorrect results (CVE-2016-7055)

Products confirmed not vulnerable:

  • Pulse Connect Secure
  • Pulse Policy Secure
  • Pulse Mobile (iOS and Android)
  • Pulse Secure Desktop (Windows & macOS)
  • Pulse Linux / Network Connect (Linux)
  • Odyssey Access Client
  • Pulse One
  • Network Connect (Windows & macOS)
  • Network Connect (FIPS)
  • Host Checker
  • Pulse In-box plugin
  • SBR
Workaround
Implementation
Related Links
CVSS Score
Risk Assessment
Acknowledgements
Alert Type 
Risk Level 
Attachment 1 
Attachment 2 
Legacy ID

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255