Email Gateway update fixes several OpenSSL vulnerabilities

Email Gateway update fixes several OpenSSL vulnerabilities

DearBytesNieuwsProduct updatesEmail Gateway update fixes several OpenSSL vulnerabilities

woensdag 13 december 2017

Customers running MEG 7.6.400 and below are vulnerable to a few parsing-related vulnerabilities that were found in a DNS-related library, which is used by McAfee’s Email Gateway appliances (https://kc.mcafee.com/corporate/index?page=content&id=SB10214).

Customers running MEG 7.6.404 and below are vulnerable to several severe cryptographic vulnerabilities that were found in a TLS-related library, which is used by McAfee’s Email Gateway appliances (https://kc.mcafee.com/corporate/index?page=content&id=SB10215).

All customers running one or more MEG appliance should patch to at least MEG version 7.6.405h1157986-3374.102. This patch contains updated versions of the libraries mentioned above, which are no longer vulnerable to the mentioned vulnerabilities.

Please note that the MEG appliances are considered End Of Life and will no longer be getting any new features. As this is no longer a product of focus for McAfee, security patches might not be as timely as you might be used to.