Extreme Networks Information for VU#720951

OpenSSL TLS heartbeat extension read overflow discloses sensitive information

Status

Affected

Vendor Statement

The following products and versions are affected by the VU#720951 OpenSSL vulnerability.

ExtremeXOS version 15.4.1.x - A patch update for ExtremeXOS 15.4.1.3-patch1-10 or higher is available for download

64 bit (Ubuntu) NetSight Appliance version 4.4, 5.0, 5.1 and 6.0 - A patch update is currently available for 4.4, 5.0, 5.1 and 6.0

64 bit (Ubuntu) NAC Appliance version 5.0, 5.1 and 6.0 - A patch update is currently available for 5.0, 5.1 and 6.0.

64 bit (Ubuntu) Purview Appliance version 6.0 - A patch update is currently available.

Note: Please contact the Extreme Networks Global Technical Assistance Center (GTAC) for access to the patch in the event not found on the Extreme Networks support site.

Extreme Networks has also published the below advisory on its website. Please refer the same for additional information.
http://learn.extremenetworks.com/rs/extreme/images/CERT_VU%23720951_Vulnerability_Advisory_04_11_2014v2.pdf

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

http://learn.extremenetworks.com/rs/extreme/images/CERT_VU%23720951_Vulnerability_Advisory_04_11_2014v2.pdf

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.