POODLE Security Vulnerability
Last modified on 16 October 2014 02:11 PM
A major vulnerability named POODLE has been discovered in the open-source OpenSSL library. It involves a common workaround used in many current internet browsers: when there is a connection error during an SSL session, the browser falls back to one of the older versions of the SSL protocol, which might even be the ancient SSL 3.0. The problem may arise when an attacker intentionally kills SSL sessions to cause a connection error, after which the browser falls back. The fallback itself is not the root of the problem: the real cause is SSL 3.0, which is not safe enough.

You can find more detailed information here: http://www.symantec.com/connect/blogs/ssl-30-vulnerability-poodle-bug-aka-poodlebleed

IceWarp Server 11.0.1 and older (both Windows and Linux) are affected by this vulnerability. The fixed SSL libraries are attached to this article; all of them should be copied to the IceWarp root folder to replace the old vulnerable files.

Here is the proper procedure:

1. Stop all IceWarp services
2. Replace the files
3. Start the services

For IceWarp Server Windows version 11.0 and 10.4, please download http://esupport.icewarp.com/KBimages/openssl11-poodle.zip

For IceWarp Server Windows version 10.3 and older, please download http://esupport.icewarp.com/KBimages/openssl10-poodle.zip

For IceWarp Server Linux (any version and distribution), please update the OpenSSL libraries in your system.