OpenSSL Advisory - December 2015
Description
OpenSSL released an update in December 2015 to address a small number of vulnerability issues.Impact Detail
CVE-2015-3193: Information Disclosure. CVE-2015-3194: Denial of Service. CVE-2015-3195: Information Disclosure. CVE-2015-3196: Denial of service.Solutions
In regards to the recent OpenSSL updates to address CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196 and CVE-2015-1794. Fortinet will update OpenSSL in the following releases:- FortiOS 5.2.6 and 5.4.0
- FortiManager 5.2.5 and 5.4.1
- FortiMail 5.3.1 (already fixed in 5.0.9, 5.1.6 and 5.2.7)
- FortiAuthenticator 4.1
- FortiAnalyzer 5.2.5 and 5.4.1
- FortiWAN 4.1.2
- FortiADC 4.4.0
- FortiClient Mac 5.4.1
- FortiClient Android 5.2.8
- FortiClient iOS 5.2.3
- FortiClient 5.4.1
- FortiAP 5.4
- FortiExtender 2.0.3 and 3.0.0
- FortiSwitch-EFX 3.4.0
- FortiSwitch 3.4.0
- FortiCache 5.2.6
- FortiDDoS 4.1.11 and 4.2
- FortiRecorder 2.3
- FortiDB 5.2
- FortiExplorer 2.7.0
- FortiSandbox 2.2
- FortiWeb 5.5.2
- FortiVoice 5.2.1.82
Other products not listed are as of this writing determined to not be vulnerable.
Fortinet believes the exploitability and risk in these vulnerability issues are low or non-existent. For more information please contact Fortinet's Technical Assistance Center (TAC).