New OpenSSL Vulnerabilities

Description

A critical new vulnerability was announced in OpenSSL that might affect your web servers. If you’re using a web server that relies on OpenSSL, you should obtain the patched version of OpenSSL and deploy it on your web server.

The vulnerability does not impact your certificates.

Action Required

Check to see if any of your web servers use OpenSSL. If so, visit https://www.openssl.org/ to download the latest version.

Customers using the following versions of OpenSSL should patch immediately.

  • 1.0.2c
  • 1.0.2b
  • 1.0.1n
  • 1.0.1o

For more information, please see:

Symantec Blog: http://www.symantec.com/connect/blogs/critical-openssl-vulnerability-could-allow-attackers-intercept-secure-communications