Skip to main content
ExLibris

Knowledge Assistant

BETA
 
  • Subscribe by RSS
  • Back
    Cross-Product

     

    Ex Libris Knowledge Center
    1. Search site
      Go back to previous article
      1. Sign in
        • Sign in
        • Forgot password
    1. Home
    2. Cross-Product
    3. Security
    4. Advisories
    5. Security Advisory- OpenSSL and FREAK - Security Vulnerabilities – Updated March 19, 2015

    Security Advisory- OpenSSL and FREAK - Security Vulnerabilities – Updated March 19, 2015

    1. Last updated
    2. Save as PDF
    3. Share
      1. Share
      2. Tweet
      3. Share
    1. Subject: OpenSSL and FREAK - Security Vulnerabilities – Updated March 19, 2015
      1. Overview
      2. Effective Security Severity Level:
      3. Affected Systems:
      4. Tests and Certifications:
      5. Actions Taken for Hosted Systems:
      6. Required Actions for On-Premise and Local Systems:

    Subject: OpenSSL and FREAK - Security Vulnerabilities – Updated March 19, 2015

    Overview

    Ex Libris has been made aware of a recently discovered high vulnerability with OpenSSL. In addition, a FREAK vulnerability that was rated “Low” is now rated “High”.

    All systems that use the OpenSSL are vulnerable to these issues. These vulnerabilities are covered by Open SSL advisory CVE-2015-0204 and CVE-2015-0291 where more information is available.

    In addition, a more detailed analysis of these vulnerabilities is available from:

    OpenSSL – http://openssl.org/news/secadv_20150319.txt

    Patches released to fix these vulnerabilities are located at OpenSSL- http://openssl.org/ 

    Effective Security Severity Level:

    High

    Affected Systems:

    & All Ex Libris systems and products using OpenSSL.

    Tests and Certifications:

    Ex Libris evaluates Ex Libris products for potential vulnerabilities and performs certification testing with the available patch for all Ex Libris systems and products running OpenSSL. Ex Libris has determined that the available patches can be safely deployed with no impact to Ex Libris systems and products and will update the Util SP feature.

    Actions Taken for Hosted Systems:

    Ex Libris is in the process of patching all the systems running in the Ex Libris cloud.

    Required Actions for On-Premise and Local Systems:

    Ex Libris strongly recommends
    following the instructions available from the links listed above and installing the patch on Ex Libris onpremise and local systems and to run Util SP to install OpenSSL 0.9.8zf. Ex Libris makes the new update available via FTP.

     

     

    View article in the Exlibris Knowledge Center
    1. Back to top
      • Security Advisory- “Ghost” - Security Vulnerability – Updated January 28, 2015 Overview
      • Security Advisory- VENOM vulnerability (CVE-2015-3456) – Updated May 14, 2015
    • Was this article helpful?

    Recommended articles

    1. Article type
      Topic
      Content Type
      Documentation
      Language
      English
      Product
      Cross-Product
    2. Tags
      This page has no tags.
    1. © Copyright 2025 Ex Libris Knowledge Center
    2. Powered by CXone Expert ®
    • Term of Use
    • Privacy Policy
    • Contact Us
    2025 Ex Libris. All rights reserved