Intel Security update fixes OpenSSL vulnerability CVE-2016-2177 in McAfee ePolicy Orchestrator (ePO).
AFFECTED SOFTWARE
The vulnerability is remediated in these versions:
CVE-2016-2177 (CVSS: 5.9; Severity: High) ePO 5.1.3 and 5.3.2 and earlier versions of ePO consume OpenSSL 1.0.1r which is vulnerable to CVE-2016-2177 (incorrectly uses pointer arithmetic for heap-buffer boundary checks).
RECOMMENDATION
Intel Security recommends that all customers verify that they have applied the latest updates. Impacted users should install the relevant patches or hotfixes. For full instructions and information, see Knowledge Base article SB10165, Intel Security - Security Bulletin: ePolicy Orchestrator update fixes OpenSSL vulnerability CVE-2016-2177 (https://kc.mcafee.com/corporate/index?page=content&id=SB10165)
AFFECTED SOFTWARE
- ePO 5.1.3 and earlier
- ePO 5.3.2 and earlier
The vulnerability is remediated in these versions:
- ePO 5.1.3 + EPO5xHF1147158.zip
- ePO 5.3.1 + EPO5xHF1147158.zip
- ePO 5.3.2 + EPO5xHF1147158.zip
CVE-2016-2177 (CVSS: 5.9; Severity: High) ePO 5.1.3 and 5.3.2 and earlier versions of ePO consume OpenSSL 1.0.1r which is vulnerable to CVE-2016-2177 (incorrectly uses pointer arithmetic for heap-buffer boundary checks).
RECOMMENDATION
Intel Security recommends that all customers verify that they have applied the latest updates. Impacted users should install the relevant patches or hotfixes. For full instructions and information, see Knowledge Base article SB10165, Intel Security - Security Bulletin: ePolicy Orchestrator update fixes OpenSSL vulnerability CVE-2016-2177 (https://kc.mcafee.com/corporate/index?page=content&id=SB10165)