Extreme Networks Information for VU#720951

OpenSSL TLS heartbeat extension read overflow discloses sensitive information

Status

Affected

Vendor Statement

The following products and versions are affected by the VU#720951 OpenSSL vulnerability.

    ExtremeXOS version 15.4.1.x - A patch update for ExtremeXOS 15.4.1.3-patch1-10 or higher is available for download

    64 bit (Ubuntu) NetSight Appliance version 4.4, 5.0, 5.1 and 6.0 - A patch update is currently available for 4.4, 5.0, 5.1 and 6.0

    64 bit (Ubuntu) NAC Appliance version 5.0, 5.1 and 6.0 - A patch update is currently available for 5.0, 5.1 and 6.0.

    64 bit (Ubuntu) Purview Appliance version 6.0 - A patch update is currently available.

    Note: Please contact the Extreme Networks Global Technical Assistance Center (GTAC) for access to the patch in the event not found on the Extreme Networks support site.

    Extreme Networks has also published the below advisory on its website. Please refer the same for additional information.
    http://learn.extremenetworks.com/rs/extreme/images/CERT_VU%23720951_Vulnerability_Advisory_04_11_2014v2.pdf

    Vendor Information

    We are not aware of further vendor information regarding this vulnerability.

    Vendor References

    http://learn.extremenetworks.com/rs/extreme/images/CERT_VU%23720951_Vulnerability_Advisory_04_11_2014v2.pdf

    Addendum

    There are no additional comments at this time.

    If you have feedback, comments, or additional information about this vulnerability, please send us email.