OpenSSL Vulnerability
26 March 2004 Recent OpenSSL advisories reveal vulnerabilities in OpenSSL versions 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, which may allow unauthenticated remote attackers to cause a denial of service. Applications or systems that use the OpenSSL SSL/TLS library (libssl) may be affected.
Affected Releases:
NOTE: VPN-1/FireWall-1 4.1 (all Service Packs) are NOT affected. Check Point recommends that customers install an update on all management stations and enforcement modules in order to protect affected releases against the issues described in these advisories. Refer to the specific hotfix release notes for instructions. These updates are available for Software Subscription customers from the links below: VPN-1/FireWall-1 NG with Application
Intelligence
VPN-1/FireWall-1 NG with Application Intelligence R54 OpenSSL Hotfix
VPN-1/FireWall-1 NG FP3 OpenSSL Hotfix
VPN-1/FireWall-1 VSX NG with Application Intelligence Provider-1 NG with Application Intelligence R55 OpenSSL Hotfix
Provider-1 NG with Application Intelligence R54 OpenSSL Hotfix
Provider-1 NG FP3 OpenSSL Hotfix FireWall-1 GX v2.0 OpenSSL Hotfix
OpenSSL Hotfixes will be included in future Hotfix Accumulator (HFA) releases for Next Generation FP3 and NG with Application Intelligence R54. Customers requesting a fix on these versions prior to the respective HFA releases should contact Check Point Technical Services for assistance. |
