• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
Locked
0

OpenSSL vulnerability 6 Aug 2014

New Here ,
Aug 17, 2014 Aug 17, 2014

Copy link to clipboard

Copied

Is RTMPS affected by following vulnerabilitys?

I use AMS 5.0.3 on CentOS 6.4.

CVE-2014-3508,CVE-2014-5139,CVE-2014-3509,CVE-2014-3505,

CVE-2014-3506,CVE-2014-3507,CVE-2014-3510,CVE-2014-3511,

CVE-2014-3512

Thanks.

Views

691

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Aug 17, 2014 Aug 17, 2014

Copy link to clipboard

Copied

Hi

AMS 5.0.6 has the OpenSSL fix.

Please get it from updaters page.

http://www.adobe.com/support/flashmediaserver/downloads_updaters.html

Release notes are here

Adobe - Flash Media Server : Release Notes

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Aug 18, 2014 Aug 18, 2014

Copy link to clipboard

Copied

Thank you for your reply.

I read Release notes of AMS 5.0.6.

"Bundled OpenSSL version has been updated to openssl-1.0.1h."

Isn't openssl-1.0.1h affected by following vulnerabilitys?

CVE-2014-3508,CVE-2014-5139,CVE-2014-3509,CVE-2014-3505,

CVE-2014-3506,CVE-2014-3507,CVE-2014-3510,CVE-2014-3511,

CVE-2014-3512

Thanks.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Aug 18, 2014 Aug 18, 2014

Copy link to clipboard

Copied

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Aug 18, 2014 Aug 18, 2014

Copy link to clipboard

Copied

> http://www.openssl.org/news/secadv_20140605.txt

secadv_20140605.txt doesn't mention about vulnerabilities below.

CVE-2014-3508,CVE-2014-5139,CVE-2014-3509,CVE-2014-3505,

CVE-2014-3506,CVE-2014-3507,CVE-2014-3510,CVE-2014-3511,

CVE-2014-3512

As far as I know,  we need to use openssl-1.0.1i  to cope with them.

Is AMS 5.0.6 coped with them?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Employee ,
Aug 21, 2014 Aug 21, 2014

Copy link to clipboard

Copied

The issues reportedly fixed on 1.0.1i do not affect AMS.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Aug 21, 2014 Aug 21, 2014

Copy link to clipboard

Copied

LATEST

Thank you for your reply.

Is AMS unrelated to CVE-2014-3511 ?

OpenSSL TLS protocol downgrade attack (CVE-2014-3511)

OpenSSL 1.0.1 SSL/TLS server users should upgrade to 1.0.1i.

https://www.openssl.org/news/secadv_20140806.txt

Thanks.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines