Tuesday, March 1, 2016

Security Notification: OpenSSL Cross-Protocol Attack on TLS Using SSLv2 (DROWN) (CVE-2016-0800 and CVE-2016-0703)

A new security vulnerability was recently discovered in certain versions of OpenSSL. More information about the vulnerability is available on the OpenSSL website: https://www.openssl.org/news/secadv/20160301.txt

All the Bitnami-packaged applications are NOT VULNERABLE because Apache disables SSLv2 and EXPORT algorithms for HTTPS by default.

Please take a moment to update existing Bitnami cloud images or virtual machines by following the instructions on our wiki:

https://wiki.bitnami.com/security/2016-03-01_OpenSSL_Cross-protocol_attack_on_TLS_using_SSLv2_(DROWN)_(CVE-2016-0800_and_CVE-2016-0703)

To check whether your server is vulnerable, use the following automatic DROWN Attack checker:

https://drownattack.com/#check

If you have any questions about this process, please post to our community support forum and we will be happy to help!

No comments:

Post a Comment

Please use our community forum if you have any questions community.bitnami.com