The SSL-Libraries ar old resp. vulnerable

Supporter

The SSL-Libraries ar old resp. vulnerable

Hello

The SSL-Libraries, included with actual and up-to-date F-Secure, are old versions and maybe vulnerable.


In the (default) path:

"c:\Program Files (x86)\F-Secure\"

is the v1.0.1.7, wich means v1.0.1g.

The actual version of the 1.0.1 branch is 1.0.1l.


For more information see URL: https://www.openssl.org/


Greetings,
Alpengreis

Tags (2)
1 ACCEPTED SOLUTION

Accepted Solutions
F-Secure Product Expert

Re: The SSL-Libraries ar old resp. vulnerable

Hi Alpengreis,

 

My name is Calvin, and I’m the primary contact for security vulnerabilities concerning F-Secure’s products and services.

 

With regards to your inquiry, we are aware that the OpenSSL version used in the product is currently not the latest build. The component was not updated because the vulnerabilities as announcened in https://www.openssl.org/news/secadv_20140806.txt and https://www.openssl.org/news/secadv_20141015.txt either does not impact our products or is of low priority. Having said that however, we are currently working on upgrading our product after the recent announcement by OpenSSL in https://www.openssl.org/news/secadv_20150108.txt. Please do note that this upgrade exercise acts as a cummulative update to OpenSSL component in our products.

 

If you have additional questions or concerns, please do not hesitate to reply and I will gladly assist you further.

 

Best Regards,

Calvin Gan

F-Secure Security Vulnerability Expert

View solution in original post

2 REPLIES 2
F-Secure Product Expert

Re: The SSL-Libraries ar old resp. vulnerable

Hi Alpengreis,

 

My name is Calvin, and I’m the primary contact for security vulnerabilities concerning F-Secure’s products and services.

 

With regards to your inquiry, we are aware that the OpenSSL version used in the product is currently not the latest build. The component was not updated because the vulnerabilities as announcened in https://www.openssl.org/news/secadv_20140806.txt and https://www.openssl.org/news/secadv_20141015.txt either does not impact our products or is of low priority. Having said that however, we are currently working on upgrading our product after the recent announcement by OpenSSL in https://www.openssl.org/news/secadv_20150108.txt. Please do note that this upgrade exercise acts as a cummulative update to OpenSSL component in our products.

 

If you have additional questions or concerns, please do not hesitate to reply and I will gladly assist you further.

 

Best Regards,

Calvin Gan

F-Secure Security Vulnerability Expert

View solution in original post

Supporter

Re: The SSL-Libraries ar old resp. vulnerable

Sounds good. Thank you for fast response, I appreciate it!

 

Kind regards,

Alpengreis