Is 9.411 affected by CVE-2017-3733 (OpenSSL bug)?

See https://www.openssl.org/news/secadv/20170216.txt

9.411 uses OpenSSL 1.0.1k, support for this version ends 2016/12/31. There is no info, if this old version is affected. Does anyone has an official statement from Sophos?

 

Regards

Manuel

  • Hi, Manuel, and welcome to the UTM Community!

    If this is not a home-use license, please let us know what your reseller finds when posing this question to Sophos.

    In general, you will find that most modules used in UTM are not the most recent ones.  Sophos developers test, tighten and enhance each module.  This is a recent enough discovery that I haven't seen anything in official Sophos communications.  In fact, we don't know if the implementation suffers from the problem at all.

    Cheers - Bob