Sophos products are not at risk from the latest OpenSSL bug


You may have seen that the OpenSSL team announced, on Monday 2015-07-06, that it had a “high severity” update coming out in three days’ time. The update was published on Thursday 2015-07-09.

The good news is that no Sophos products are at risk from this bug. Only the current pre-release Beta version of Sophos Management Communication System (MCS 3.0.0 Beta), a component used by Sophos Cloud and UTM Endpoint products, includes an affected version of OpenSSL. However, MCS does not use the relevant part of the OpenSSL code for certificate verification, so it cannot fall foul of the bug. Nevertheless, we expect to update MCS 3 Beta with the latest OpenSSL version by mid-August 2015.

All other Sophos product families either don’t use OpenSSL at all, or use one of the unaffected versions.

For more information see the links below. If you have any questions please contact your account manager in the first instance.

Learn more about OpenSSL CVE-2015-1793 (Naked Security)

See the latest Sophos support information (KBA)
