OpenSSL alternative chains certificate forgery (CVE-2015-1793)

Document ID:7016662
Creation Date:09-Jul-2015
Modified Date:09-Jul-2015
- Micro Focus Products:
  Filr
  GroupWise
  GroupWise Messenger
  iPrint
  Open Enterprise Server
  Vibe
  ZENworks Configuration Management

Environment

Novell Filr
Novell GroupWise
Novell iPrint for Linux
Novell Messenger
Novell Open Enterprise Server 11 (OES 11) Linux
Novell Vibe OnPrem
Novell ZENworks Configuration Management

Situation

On July 9th 2015 the OpenSSL projects released patches and a security advisory to address a vulnerability in how alternative certificate chains are processed in recently released versions of OpenSSL. This vulnerability only impacts versions 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o.

Resolution

No action is required. There are currently no Novell products using the impacted versions of OpenSSL.

Additional Information

https://www.openssl.org/news/secadv_20150709.txt

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1793

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1793