Problem
On May 3rd, the OpenSSL project team has announced the release of OpenSSL v1.0.2h and 1.0.1t, respectively. This version addresses some vulnerabilities.
One of the most severe is the OpenSSL Memory Corruption Vulnerability (CVE-2016-2108) which also affects TufinOS (as many other Linux).
Solution
If you run Tufin TOS under Red Hat Enterprise Linux or CentOS, please download updated packages and install them on your system.
Tufin is working on a patch for the OpenSSL Memory Corruption Vulnerability. patches for TufinOS 2.11 and TufinOS 1.22 are scheduled for the week of May 16th. So next week an update will be possible. If you don't run the latest version, an upgrade might be necessary before installing the patch.
Further information will be provided by This email address is being protected from spambots. You need JavaScript enabled to view it.upon request.
19.05.2016 - Update:
The patch for TufinOS 2.11 is available now: https://portal.tufin.com/Doc/Default.aspx?id=1208 (Authentication necessary)
For TufinOS 1.22 the patch will be published after Red Hat has published a patch for RHEL 5.
