Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

OpenSSL - Alternative Chains Certificate Forgery Patch for ClearPass 6.5.2 is now available!

This thread has been viewed 1 times

  • 1.  OpenSSL - Alternative Chains Certificate Forgery Patch for ClearPass 6.5.2 is now available!

    EMPLOYEE
    Posted Jul 15, 2015 03:49 AM
    On July 9th 2015, the OpenSSL Project reported a high-severity vulnerability in certain versions of OpenSSL. The vulnerability affects processing of certificate trust chains. ClearPass version 6.5.2 which was released on June 26th 2015 and contains OpenSSL version 1.0.1o which is affected by the vulnerability. No other ClearPass releases are affected by this issue.

    Additional details can be found in the updated security advisory which is attached and will be updated shortly on the public Security Advisory page.

    The patch file is available for download in the ClearPass Software Update Portal and also from the support.arubanetworks.com at the following location.

    Download Software > ClearPass > Policy Manager > Archives > 6.5.0 > Patches


  • 2.  RE: OpenSSL - Alternative Chains Certificate Forgery Patch for ClearPass 6.5.2 is now available!

    Posted Jul 15, 2015 03:17 PM

    thanks for the quick fix guys.

     

    one small detail, from the GUI the patch mentions release notes, but there is nothing there where the link takes you.