Is Symantec Encryption Management Server vulnerable to the OpenSSL "Heartbleed" attack (CVE-2014-0160)?

book

Article ID: 159160

calendar_today

Updated On:

Products

Encryption Management Server Gateway Email Encryption

Issue/Introduction

Only OpenSSL versions 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1) are affected by the "Heartbleed" bug (CVE-2014-0160). Versions below 1.0.1 (such as 0.9.8) are not affected.

See https://www.openssl.org/news/secadv_20140407.txt for more information.

Resolution

Symantec Encryption Management Server includes the openssl package with version 0.9.8 which is not vulnerable to this attack.