Are Symantec Data Loss Prevention (DLP) releases affected by the “Heartbleed” OpenSSL vulnerability (CVE-2014-0160)?

book

Article ID: 160063

calendar_today

Updated On:

Products

Data Loss Prevention

Issue/Introduction

A defect in the TLS/DTLS implementations of OpenSSL 1.0.1 - 1.0.1f may allow an attacker to obtain sensitive data including private keys via the Heartbeat extension of OpenSSL.

Resolution

Symantec Data Loss Prevention (DLP) releases are NOT affected, as these do not use OpenSSL versions that are susceptible to this defect.

Note: In the Symantec DLP 12.0 Third-Party License Agreements guide, "OpenSSL 1.0.1c" is mistakenly included in the list of 3rd party licenses for DLP. This release of OpenSSL is NOT included in v12 of DLP, and is not present in earlier releases.