Question & Answer
Question
Is Guardium vulnerable to CVE-2016-2107 and others against OpenSSL?
Cause
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Answer
Guardium v10 is based on RHEL 6. According to https://rhn.redhat.com/errata/RHSA-2016-0996.html, for RHEL 6 the package openssl-1.0.1e-48.el6_8.1.*.rpm addresses:
CVE-2016-0799
CVE-2016-2105
CVE-2016-2106
CVE-2016-2107
CVE-2016-2108
CVE-2016-2109
CVE-2016-2842
And according to https://access.redhat.com/solutions/2298211, CVE-2016-2176 does not affect the versions of OpenSSL used by Red Hat (that includes RHEL 5, 6, and 7).
So Guardium is not affected.
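An added example, not part of the original note or of Red Hat's tooling: a Python check of whether an openssl package string, in the format that `rpm -q openssl` prints on a RHEL 6 system, is at or above the openssl-1.0.1e-48.el6_8.1 build cited above. The comparison is a simplified form of RPM's version ordering (no epoch, `~` or `^` handling), the function names are hypothetical, and the sample package strings are constructed.

```python
import re

# Fixed RHEL 6 build named in RHSA-2016:0996 (taken from the page above).
FIXED_VERSION, FIXED_RELEASE = "1.0.1e", "48.el6_8.1"

def _segments(s):
    # RPM compares runs of digits and runs of letters; other characters only separate.
    return re.findall(r"[0-9]+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Simplified rpmvercmp (no epoch, '~' or '^'): returns -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def parse_nvra(nvra):
    """Split 'openssl-1.0.1e-48.el6_8.1.x86_64' into (name, version, release)."""
    nvr, _, _arch = nvra.rpartition(".")
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release

def has_rhsa_2016_0996_fix(nvra):
    """True if the openssl package is at or above the errata build."""
    name, version, release = parse_nvra(nvra)
    if name != "openssl":
        raise ValueError("not an openssl package: " + nvra)
    cmp_result = rpmvercmp(version, FIXED_VERSION)
    if cmp_result == 0:
        cmp_result = rpmvercmp(release, FIXED_RELEASE)
    return cmp_result >= 0

if __name__ == "__main__":
    # Constructed sample inputs, not output captured from a real appliance.
    for sample in ("openssl-1.0.1e-48.el6_8.1.x86_64",
                   "openssl-1.0.1e-42.el6_7.4.x86_64",
                   "openssl-1.0.1e-57.el6.x86_64",
                   "openssl-1.0.1e-48.el6.i686"):
        state = "fixed" if has_rhsa_2016_0996_fix(sample) else "older than errata build"
        print(sample, "->", state)
```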
Document Information
Modified date:
16 June 2018
UID
swg21990450