This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Is 9.411 affected by CVE-2017-3733 (OpenSSL bug)?


9.411 uses OpenSSL 1.0.1k, support for this version ends 2016/12/31. There is no info, if this old version is affected. Does anyone has an official statement from Sophos?




This thread was automatically locked due to age.
  • Hi, Manuel, and welcome to the UTM Community!

    If this is not a home-use license, please let us know what your reseller finds when posing this question to Sophos.

    In general, you will find that most modules used in UTM are not the most recent ones.  Sophos developers test, tighten and enhance each module.  This is a recent enough discovery that I haven't seen anything in official Sophos communications.  In fact, we don't know if the implementation suffers from the problem at all.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA