Guest User!

You are not Sophos Staff.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

OpenSSL vulnerability in XG 16.1.1

I have been receiving many IPS entries for "OpenSSL TLSEXT_TYPE_status_request Memory Leak Denial of Service" from many different clients. According to the CVE, versions 1.0.2i contains the patch for the vulnerability. From what I can tell, Sophos XG 16.1.1 uses OpenSSL version 1.0.2e which has the vulnerability CVE-2016-6304 . Any one else having issues? What about getting a patch for this from Sophos?

Regards,

Gary



This thread was automatically locked due to age.
Parents Reply Children
No Data