Security Advisory - OpenSSL and FREAK - Security Vulnerabilities – Updated March 19, 2015
Overview
Ex Libris has been made aware of a recently discovered high-severity vulnerability in OpenSSL. In addition, the FREAK vulnerability, which was rated “Low”, is now rated “High”.
All systems that use OpenSSL are vulnerable to these issues. These vulnerabilities are covered by OpenSSL advisories CVE-2015-0204 and CVE-2015-0291, where more information is available.
In addition, a more detailed analysis of these vulnerabilities is available from:
OpenSSL – http://openssl.org/news/secadv_20150319.txt
Patches released to fix these vulnerabilities are available from OpenSSL – http://openssl.org/
Effective Security Severity Level:
High
Affected Systems:
All Ex Libris systems and products using OpenSSL.
Tests and Certifications:
Ex Libris evaluates Ex Libris products for potential vulnerabilities and performs certification testing with the available patch for all Ex Libris systems and products running OpenSSL. Ex Libris has determined that the available patches can be safely deployed with no impact to Ex Libris systems and products and will update the Util SP feature.
Actions Taken for Hosted Systems:
Ex Libris is in the process of patching all the systems running in the Ex Libris cloud.
Required Actions for On-Premise and Local Systems:
Ex Libris strongly recommends following the instructions available from the links listed above, installing the patch on Ex Libris on-premise and local systems, and running Util SP to install OpenSSL 0.9.8zf. Ex Libris makes the new update available via FTP.