NimbostratusHello ereryone: F5-BIG-IP V11.5.1 hotfix10, my customer want to know whether the F5 has been repaired CVE-2016-8610:ssl death alert ? ask f5 not found any information about "cve-2016-8610:ssl death alert ".
CumulonimbusI can't find any F5 documentation on that CVE. Your best Idea if you want an official F5 response is to raise an appropriate F5 SR.
Regards,
NimbostratusHi lainThnoson, 3Q! I will contack support to deal with the case.If I can foudn any information further,I will tell you !
AltostratusQuick Reference info:
https://access.redhat.com/security/cve/CVE-2016-8610
Affected Versions:
OpenSSL All 0.9.8 OpenSSL All 1.0.1 OpenSSL 1.0.2 through 1.0.2h OpenSSL 1.1.0
Not Affected Versions:
OpenSSL 1.0.2i, 1.0.2j OpenSSL 1.1.0a, 1.1.0b
What protocol versions are affected? -All versions (SSL3.0, TLS1.0, TLS1.1, TLS1.2) are affected.
Openssl Version check: > rpm -q openssl
EmployeeF5 has received vulnerability details regarding CVE-2016-8610 and is actively investigating the impact to all F5 products. Once we have completed the research a Solution Article will be posted on AskF5 with the Vulnerability Status for all products and versions along with a Severity rating and Mitigation if applicable. Please see sol4602: Overview of the F5 security vulnerability response policy for details on our process.
NimbostratusThank you