Is SafeGuard Enterprise affected by the recently identified OpenSSL leak in versions 1.0.1 to 1.0.1f (CVE-2014-0160)? OpenSSL advisory: https://www.openssl.org/news/secadv_20140407.txt
Applies to the following Sophos product(s) and version(s):
SafeGuard Enterprise Server
SafeGuard Management Center / Local Policy Editor
While SafeGuard Enterprise uses some modules of OpenSSL, the affected functionality is not used at all in the SafeGuard Enterprise Server, SafeGuard Enterprise Management Console, or the SafeGuard Enterprise Client for Windows. All these use the Windows TLS implementation and are therefore unaffected.
On SafeGuard for Mac Clients the affected code is used by one helper process that is responsible for communication with the SafeGuard Enterprise Server. However, this process runs with restricted privileges and only transfers files it does not understand between the SafeGuard Enterprise Server and the SafeGuard for Mac Client. Any key material in such files is encrypted with keys that are unrelated to the SSL connection. The affected process therefore has no useful information that an attacker could extract.
Nevertheless, in the next SafeGuard Enterprise release all OpenSSL instances will routinely be updated to the latest version.