On July 9th 2015, the OpenSSL Project reported a high-severity vulnerability in certain versions of OpenSSL. The vulnerability affects processing of certificate trust chains. ClearPass version 6.5.2 which was released on June 26th 2015 and contains OpenSSL version 1.0.1o which is affected by the vulnerability. No other ClearPass releases are affected by this issue.
Additional details can be found in the updated security advisory which is attached and will be updated shortly on the public Security Advisory page.
The patch file is available for download in the ClearPass Software Update Portal and also from the support.arubanetworks.com at the following location.
Download Software > ClearPass > Policy Manager > Archives > 6.5.0 > Patches