The SSL-Libraries ar old resp. vulnerable
Hello
The SSL-Libraries, included with actual and up-to-date F-Secure, are old versions and maybe vulnerable.
In the (default) path:
"c:\Program Files (x86)\F-Secure\"
is the v1.0.1.7, wich means v1.0.1g.
The actual version of the 1.0.1 branch is 1.0.1l.
For more information see URL: https://www.openssl.org/
Greetings,
Alpengreis
Comments
-
Hi Alpengreis,
My name is Calvin, and I’m the primary contact for security vulnerabilities concerning F-Secure’s products and services.
With regards to your inquiry, we are aware that the OpenSSL version used in the product is currently not the latest build. The component was not updated because the vulnerabilities as announcened in https://www.openssl.org/news/secadv_20140806.txt and https://www.openssl.org/news/secadv_20141015.txt either does not impact our products or is of low priority. Having said that however, we are currently working on upgrading our product after the recent announcement by OpenSSL in https://www.openssl.org/news/secadv_20150108.txt. Please do note that this upgrade exercise acts as a cummulative update to OpenSSL component in our products.
If you have additional questions or concerns, please do not hesitate to reply and I will gladly assist you further.
Best Regards,
Calvin Gan
F-Secure Security Vulnerability Expert
-