General Discussion OpenSSL null pointer reference issue (CVE-2020-1971)

UTM Firewall requires membership for participation - click to join

Thread Info

State Not Answered
Locked Locked
Replies 3 replies
Subscribers 5 subscribers
Views 941 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

OpenSSL null pointer reference issue (CVE-2020-1971)

EdmundSackbauer over 3 years ago

There is a vulnerability in OpenSSL:
https://www.openssl.org/news/secadv/20201208.txt

It could be used for a denial-of-service attack

openSSL has it already fixed, when will it be included into UTM (and XG)?

BR Edmund

This thread was automatically locked due to age.

0 FormerMember over 3 years ago

Hi EdmundSackbauer,

Thank you for reaching out to the Community!

I will follow-up on this with the internal team and update you accordingly.

Thanks,
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 3 years ago

Hallo Edmund,

I don't usually worry about these types of things. It's faster for the developers to patch the existing code than to try to integrate a new version.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 EdmundSackbauer over 3 years ago in reply to BAlfson

That was not my point. The point is: there is already a fix, which could be backported when?
Cancel
Vote Up 0 Vote Down

Cancel