OpenSSL - Alternative chains certificate forgery

Highlighted
Scholar

OpenSSL - Alternative chains certificate forgery

Hello,

is any of F-Secure bussines product affected by "Alternative chains certificate forgery" problem?

If yes, how can I tread installed applications?

 

http://openssl.org/news/secadv_20150709.txt

1 ACCEPTED SOLUTION

Accepted Solutions
F-Secure Product Expert

Re: OpenSSL - Alternative chains certificate forgery

Hello Jachym,

 

Good day to you!

 

My name is Calvin, and I’m the primary contact for security vulnerabilities concerning F-Secure’s products and services.

 

With regards to your question about the latest OpenSSL fix and our F-Secure business products, allow me to respond to you:

 

  1. F-Secure corporate server products (Policy Manager, PSB Server Security, PSB Email and Server Security, Server Security, Email and Server Security) are not affected by this vulnerability.
  2. F-Secure Virtual Appliances products (IGK VA and SRS VA) are not affected by this vulnerability.
  3. F-Secure Internet Gatekeeper is not affected by this vulnerability.
  4. F-Secure Linux Security is not affected by this vulnerability. 
  5. F-Secure Messaging Security Gateway and Protection Service for Email products are affected and a patch is currently in the works. This will be released as soon as it is made available.

If you have additional questions or concerns, please do not hesitate to reply and I will gladly assist you further.

 

Best regards,

Calvin Gan

F-Secure Security Vulnerability Expert

View solution in original post

2 REPLIES 2
F-Secure

Re: OpenSSL - Alternative chains certificate forgery

Hi,

 

We are checking our products and services for recent OpenSSL vulnerability as we speak. Rest assure we will inform partners and customers if any of F-Secure products and services are affected, and provide more details later on. Stay tuned.

F-Secure Product Expert

Re: OpenSSL - Alternative chains certificate forgery

Hello Jachym,

 

Good day to you!

 

My name is Calvin, and I’m the primary contact for security vulnerabilities concerning F-Secure’s products and services.

 

With regards to your question about the latest OpenSSL fix and our F-Secure business products, allow me to respond to you:

 

  1. F-Secure corporate server products (Policy Manager, PSB Server Security, PSB Email and Server Security, Server Security, Email and Server Security) are not affected by this vulnerability.
  2. F-Secure Virtual Appliances products (IGK VA and SRS VA) are not affected by this vulnerability.
  3. F-Secure Internet Gatekeeper is not affected by this vulnerability.
  4. F-Secure Linux Security is not affected by this vulnerability. 
  5. F-Secure Messaging Security Gateway and Protection Service for Email products are affected and a patch is currently in the works. This will be released as soon as it is made available.

If you have additional questions or concerns, please do not hesitate to reply and I will gladly assist you further.

 

Best regards,

Calvin Gan

F-Secure Security Vulnerability Expert

View solution in original post