Is SafeGuard Enterprise affected by the recently identified OpenSSL leak in versions 1.0.1 to 1.0.1f, designated CVE-2014-160? OpenSSL advisory: https://www.openssl.org/news/secadv_20140407.txt
Applies to the following Sophos product(s) and version(s): SafeGuard Enterprise Server; SafeGuard Management Center / Local Policy Editor
While SafeGuard Enterprise uses some modules of OpenSSL, the affected functionality is not used at all in the SafeGuard Enterprise Server, SafeGuard Enterprise Management Console, or the SafeGuard Enterprise Client for Windows. All these use the Windows TLS implementation and are therefore unaffected.
On SafeGuard for Mac Clients the affected code is used by one helper process that is responsible for communication with the SafeGuard Enterprise Server. However, this process runs with restricted privileges and only transfers files it does not understand between the SafeGuard Enterprise Server and the SafeGuard for Mac Client. Any key material in such files is encrypted with keys that are unrelated to the SSL connection. The affected process therefore has no useful information that an attacker could extract.
Nevertheless, in the next SafeGuard Enterprise release all OpenSSL instances will routinely be updated to the latest version.
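To check whether an OpenSSL build reported on a host falls inside the 1.0.1 to 1.0.1f range named above, the following added example (not Sophos code) parses version banners of the kind printed by `openssl version`. The function names and the sample banners are constructed for illustration.

```python
import re

# Affected range as stated on this page: OpenSSL 1.0.1 through 1.0.1f.
AFFECTED_BASE = (1, 0, 1)
LAST_AFFECTED_LETTER = "f"

# Matches "1.0.1", "1.0.1f" or "0.9.8zh" inside a banner such as
# "OpenSSL 1.0.1e-fips 11 Feb 2013"; rejects longer alphanumeric tails.
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)([a-z]{0,2})(?![\w.])")


def parse_openssl_version(banner):
    """Return ((major, minor, fix), letter) or None if no version is found."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, fix, letter = m.groups()
    return (int(major), int(minor), int(fix)), letter


def in_affected_range(banner):
    """True if the banner's version lies in 1.0.1 .. 1.0.1f inclusive."""
    parsed = parse_openssl_version(banner)
    if parsed is None:
        raise ValueError("no OpenSSL version found in: %r" % banner)
    base, letter = parsed
    # Compare (length, letter) so "" < "a" < ... < "z" < "za" orders correctly.
    return base == AFFECTED_BASE and (len(letter), letter) <= (1, LAST_AFFECTED_LETTER)


if __name__ == "__main__":
    # Constructed sample banners, not taken from any real host.
    samples = [
        "OpenSSL 0.9.8y 5 Feb 2013",
        "OpenSSL 1.0.1 14 Mar 2012",
        "OpenSSL 1.0.1e-fips 11 Feb 2013",
        "OpenSSL 1.0.1g 7 Apr 2014",
    ]
    for banner in samples:
        state = "in affected range" if in_affected_range(banner) else "outside range"
        print("%-34s %s" % (banner, state))
```

A banner inside the range is a prompt to check the package changelog rather than proof of exposure, because distribution packages can carry a backported fix without changing the version letter.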