The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of SSL 3.0: decrypting session, POODLE

Synthesis of the vulnerability 

An attacker, located as a Man-in-the-Middle, can decrypt a SSL 3.0 session, in order to obtain sensitive information.
Impacted systems: SES, SNS, Apache httpd, Arkoon FAST360, ArubaOS, Asterisk Open Source, BES, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, GAiA, CheckPoint IP Appliance, IPSO, SecurePlatform, CheckPoint Security Appliance, CheckPoint Security Gateway, Cisco ASR, Cisco ACE, ASA, AsyncOS, Cisco CSS, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, IronPort Email, Nexus by Cisco, NX-OS, Prime Infrastructure, Cisco PRSM, Cisco Router, WebNS, Clearswift Email Gateway, Clearswift Web Gateway, CUPS, Debian, Black Diamond, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, Fedora, FortiGate, FortiGate Virtual Appliance, FortiManager, FortiManager Virtual Appliance, FortiOS, FreeBSD, F-Secure AV, hMailServer, HPE BSM, HP Data Protector, HPE NNMi, HP Operations, ProCurve Switch, SiteScope, HP Switch, TippingPoint IPS, HP-UX, AIX, Domino by IBM, Notes by IBM, Security Directory Server, SPSS Data Collection, Tivoli System Automation, Tivoli Workload Scheduler, WebSphere AS Traditional, WebSphere MQ, IVE OS, Juniper J-Series, Junos OS, Junos Space, Junos Space Network Management Platform, MAG Series by Juniper, NSM Central Manager, NSMXpress, Juniper SA, McAfee Email and Web Security, McAfee Email Gateway, ePO, VirusScan, McAfee Web Gateway, IE, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows (platform) ~ not comprehensive, Windows RT, Windows Vista, NETASQ, NetBSD, NetScreen Firewall, ScreenOS, nginx, Nodejs Core, OpenSSL, openSUSE, openSUSE Leap, Oracle DB, Oracle Fusion Middleware, Oracle Identity Management, Oracle OIT, Solaris, Tuxedo, WebLogic, Palo Alto Firewall PA***, PAN-OS, Polycom CMA, HDX, RealPresence Collaboration Server, RealPresence Distributed Media Application, Polycom VBP, Postfix, SSL protocol, Puppet, RHEL, JBoss EAP by Red Hat, RSA Authentication Manager, ROS, ROX, RuggedSwitch, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Ubuntu, Unix (platform) ~ not comprehensive, ESXi, vCenter Server, VMware vSphere, VMware vSphere Hypervisor, WinSCP.
Severity of this alert: 3/4.
Creation date: 15/10/2014.
Références of this alert: 10923, 1589583, 1595265, 1653364, 1657963, 1663874, 1687167, 1687173, 1687433, 1687604, 1687611, 1690160, 1690185, 1690342, 1691140, 1692551, 1695392, 1696383, 1699051, 1700706, 2977292, 3009008, 7036319, aid-10142014, AST-2014-011, bulletinapr2015, bulletinjan2015, bulletinjan2016, bulletinjul2015, bulletinjul2016, bulletinoct2015, c04486577, c04487990, c04492722, c04497114, c04506802, c04510230, c04567918, c04616259, c04626982, c04676133, c04776510, CERTFR-2014-ALE-007, CERTFR-2014-AVI-454, CERTFR-2014-AVI-509, CERTFR-2015-AVI-169, CERTFR-2016-AVI-303, cisco-sa-20141015-poodle, cpujul2017, CTX216642, CVE-2014-3566, DSA-3053-1, DSA-3253-1, DSA-3489-1, ESA-2014-178, ESA-2015-098, ESXi500-201502001, ESXi500-201502101-SG, ESXi510-201503001, ESXi510-201503001-SG, ESXi510-201503101-SG, ESXi550-201501001, ESXi550-201501101-SG, FEDORA-2014-12989, FEDORA-2014-12991, FEDORA-2014-13012, FEDORA-2014-13017, FEDORA-2014-13040, FEDORA-2014-13069, FEDORA-2014-13070, FEDORA-2014-13444, FEDORA-2014-13451, FEDORA-2014-13764, FEDORA-2014-13777, FEDORA-2014-13781, FEDORA-2014-13794, FEDORA-2014-14234, FEDORA-2014-14237, FEDORA-2014-15379, FEDORA-2014-15390, FEDORA-2014-15411, FEDORA-2014-17576, FEDORA-2014-17587, FEDORA-2015-9090, FEDORA-2015-9110, FreeBSD-SA-14:23.openssl, FSC-2014-8, HPSBGN03256, HPSBGN03305, HPSBGN03332, HPSBHF03156, HPSBHF03300, HPSBMU03152, HPSBMU03184, HPSBMU03213, HPSBMU03416, HPSBUX03162, HPSBUX03194, JSA10656, MDVSA-2014:203, MDVSA-2014:218, MDVSA-2015:062, NetBSD-SA2014-015, nettcp_advisory, openSUSE-SU-2014:1331-1, openSUSE-SU-2014:1384-1, openSUSE-SU-2014:1395-1, openSUSE-SU-2014:1426-1, openSUSE-SU-2016:0640-1, openSUSE-SU-2016:1586-1, openSUSE-SU-2017:0980-1, PAN-SA-2014-0005, POODLE, RHSA-2014:1652-01, RHSA-2014:1653-01, RHSA-2014:1692-01, RHSA-2014:1920-01, RHSA-2014:1948-01, RHSA-2015:0010-01, RHSA-2015:0011-01, RHSA-2015:0012-01, RHSA-2015:1545-01, RHSA-2015:1546-01, SA83, SB10090, SB10104, sk102989, SOL15702, SP-CAAANKE, SP-CAAANST, SPL-91947, SPL-91948, SSA:2014-288-01, SSA-396873, SSA-472334, SSRT101767, STORM-2014-02-FR, SUSE-SU-2014:1357-1, SUSE-SU-2014:1361-1, SUSE-SU-2014:1386-1, SUSE-SU-2014:1387-1, SUSE-SU-2014:1387-2, SUSE-SU-2014:1409-1, SUSE-SU-2015:0010-1, SUSE-SU-2016:1457-1, SUSE-SU-2016:1459-1, T1021439, TSB16540, USN-2839-1, VIGILANCE-VUL-15485, VMSA-2015-0001, VMSA-2015-0001.1, VMSA-2015-0001.2, VN-2014-003, VU#577193.

Description of the vulnerability 

An SSL/TLS session can be established using several protocols:
 - SSL 2.0 (obsolete)
 - SSL 3.0
 - TLS 1.0
 - TLS 1.1
 - TLS 1.2

An attacker can downgrade the version to SSLv3. However, with SSL 3.0, an attacker can change the padding position with a CBC encryption, in order to progressively guess clear text fragments.

This vulnerability is named POODLE (Padding Oracle On Downgraded Legacy Encryption).

An attacker, located as a Man-in-the-Middle, can therefore decrypt a SSL 3.0 session, in order to obtain sensitive information.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This weakness announce impacts software or systems such as SES, SNS, Apache httpd, Arkoon FAST360, ArubaOS, Asterisk Open Source, BES, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, GAiA, CheckPoint IP Appliance, IPSO, SecurePlatform, CheckPoint Security Appliance, CheckPoint Security Gateway, Cisco ASR, Cisco ACE, ASA, AsyncOS, Cisco CSS, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, IronPort Email, Nexus by Cisco, NX-OS, Prime Infrastructure, Cisco PRSM, Cisco Router, WebNS, Clearswift Email Gateway, Clearswift Web Gateway, CUPS, Debian, Black Diamond, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, Fedora, FortiGate, FortiGate Virtual Appliance, FortiManager, FortiManager Virtual Appliance, FortiOS, FreeBSD, F-Secure AV, hMailServer, HPE BSM, HP Data Protector, HPE NNMi, HP Operations, ProCurve Switch, SiteScope, HP Switch, TippingPoint IPS, HP-UX, AIX, Domino by IBM, Notes by IBM, Security Directory Server, SPSS Data Collection, Tivoli System Automation, Tivoli Workload Scheduler, WebSphere AS Traditional, WebSphere MQ, IVE OS, Juniper J-Series, Junos OS, Junos Space, Junos Space Network Management Platform, MAG Series by Juniper, NSM Central Manager, NSMXpress, Juniper SA, McAfee Email and Web Security, McAfee Email Gateway, ePO, VirusScan, McAfee Web Gateway, IE, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows (platform) ~ not comprehensive, Windows RT, Windows Vista, NETASQ, NetBSD, NetScreen Firewall, ScreenOS, nginx, Nodejs Core, OpenSSL, openSUSE, openSUSE Leap, Oracle DB, Oracle Fusion Middleware, Oracle Identity Management, Oracle OIT, Solaris, Tuxedo, WebLogic, Palo Alto Firewall PA***, PAN-OS, Polycom CMA, HDX, RealPresence Collaboration Server, RealPresence Distributed Media Application, Polycom VBP, Postfix, SSL protocol, Puppet, RHEL, JBoss EAP by Red Hat, RSA Authentication Manager, ROS, ROX, RuggedSwitch, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Ubuntu, Unix (platform) ~ not comprehensive, ESXi, vCenter Server, VMware vSphere, VMware vSphere Hypervisor, WinSCP.

Our Vigil@nce team determined that the severity of this vulnerability alert is important.

The trust level is of type confirmed by the editor, with an origin of internet client.

An attacker with a expert ability can exploit this computer threat announce.

Solutions for this threat 

OpenSSL: version 1.0.1j.
The version 1.0.1j is fixed:
  https://www.openssl.org/

OpenSSL: version 1.0.0o.
The version 1.0.0o is fixed:
  https://www.openssl.org/

OpenSSL: version 0.9.8zc.
The version 0.9.8zc is fixed:
  https://www.openssl.org/

OpenSSL: patch for POODLE, TLS_FALLBACK_SCSV.
A patch is available in information sources.
With this patch, SSLv3 can still be used, by implementing TLS_FALLBACK_SCSV. The PDF document explains how it works.

Apache httpd: workaround for POODLE.
A workaround is to disable SSLv3 (be aware of compatibility issues with Internet Explorer 6), in httpd.conf :
  SSLProtocol All -SSLv2 -SSLv3

Arkoon, Netasq: solution for POODLE.
The solution is indicated in information sources.

Aruba: solution for POODLE.
The solution is indicated in information sources.

Asterisk: solution for POODLE.
The following versiosn are fixed: 1.8.28-cert2, 1.8.31.1, 11.6-cert7, 11.13.1, 12.6.1.

BlackBerry Enterprise Server: solution for POODLE.
The solution is indicated in information sources.

Blue Coat: solution for POODLE.
The solution is indicated in information sources.

Check Point: solution against POODLE.
The solution is indicated in information sources.

Cisco: solution for POODLE.
The solution is indicated in information sources.

Citrix NetScaler: fixed versions for LOM Firmware.
Fixed versions are indicated in information sources.

Citrix NetScaler Platform IPMI LOM: solution.
The solution is indicated in information sources.

Clearswift SECURE Email Gateway: version 3.8.4.
The version 3.8.4 is fixed:
  http://www.clearswift.com/

Clearswift SECURE Web Gateway: version 3.2.4.
The version 3.2.4 is fixed:
  http://www.clearswift.com/

CUPS: version 2.0.1.
The version 2.0.1 is fixed:
  http://www.cups.org/software.php

Debian: new lighttpd packages.
New packages are available:
  Debian 7: lighttpd 1.4.31-4+deb7u4

Debian: new openssl packages.
New packages are available:
  Debian 7: openssl 1.0.1e-2+deb7u13

Debian: new pound packages.
New packages are available:
  Debian 7: pound 2.6-2+deb7u1
  Debian 8: pound 2.6-6+deb8u1

Extreme Networks: solution for POODLE.
The solution is indicated in information sources.

F5 BIG-IP: workaround for POODLE.
A workaround is indicated in the information source.

Fedora 20: new deluge packages.
New packages are available:
  Fedora 20: deluge 1.3.10-1.fc20

Fedora: new claws-mail packages.
New packages are available:
  Fedora 19: claws-mail 3.11.1-2.fc19
  Fedora 20: claws-mail 3.11.1-2.fc20

Fedora: new claws-mail-plugins packages.
New packages are available:
  Fedora 19: claws-mail-plugins 3.11.1-1.fc19
  Fedora 20: claws-mail-plugins 3.11.1-1.fc20

Fedora: new fossil packages.
New packages are available:
  Fedora 21: fossil 1.33-1.fc21
  Fedora 22: fossil 1.33-1.fc22

Fedora: new libetpan packages.
New packages are available:
  Fedora 19: libetpan 1.6-1.fc19
  Fedora 20: libetpan 1.6-1.fc20

Fedora: new libuv packages.
New packages are available:
  Fedora 19: libuv 0.10.29-1.fc19
  Fedora 20: libuv 0.10.29-1.fc20
  Fedora 21: libuv 0.10.29-1.fc21

Fedora: new mingw-openssl packages.
New packages are available:
  Fedora 20: mingw-openssl 1.0.1j-1.fc20
  Fedora 21: mingw-openssl 1.0.1j-1.fc21

Fedora: new nodejs packages.
New packages are available:
  Fedora 19: nodejs 0.10.33-1.fc19
  Fedora 20: nodejs 0.10.33-1.fc20
  Fedora 21: nodejs 0.10.33-1.fc21

Fedora: new openssl packages.
New packages are available:
  Fedora 19: openssl 1.0.1e-40.fc19
  Fedora 20: openssl 1.0.1e-40.fc20

Fedora: new Pound packages.
New packages are available:
  Fedora 19: Pound 2.6-8.fc19
  Fedora 20: Pound 2.6-8.fc20

Fedora: new python-rhsm packages.
New packages are available:
  Fedora 19: python-rhsm 1.13.6-1.fc19
  Fedora 20: python-rhsm 1.13.6-1.fc20

Fedora: new rubygem-httpclient packages.
New packages are available:
  Fedora 20: rubygem-httpclient 2.4.0-2.fc20
  Fedora 19: rubygem-httpclient 2.4.0-2.fc19

Fedora: new subscription-manager packages.
New packages are available:
  Fedora 20: subscription-manager 1.13.6-1.fc20

Fedora: new webkitgtk3 packages.
New packages are available:
  Fedora 20: webkitgtk3 2.2.8-2.fc20
  Fedora 19: webkitgtk3 2.0.4-4.fc19

Fedora: new zarafa packages.
New packages are available:
  Fedora 19: zarafa 7.1.11-1.fc19
  Fedora 20: zarafa 7.1.11-1.fc20

Firefox: workaround pour POODLE.
A workaround is to disable SSLv3 (be aware of compatibility issues).
In order to do so, in about:config set security.tls.version.min=1.

Fortinet: solution for POODLE.
The solution is indicated in information sources.

FreeBSD: patch for OpenSSL.
A patch is available in information sources.
  FreeBSD 8.4, 9.1, 9.2: http://security.freebsd.org/patches/SA-14:23/openssl-8.4.patch
  FreeBSD 9.3: http://security.freebsd.org/patches/SA-14:23/openssl-9.3.patch
  FreeBSD 10.0: http://security.freebsd.org/patches/SA-14:23/openssl-10.0.patch

F-Secure: solution for POODLE.
The solution is indicated in information sources. F-Secure states nothing about F-Secure antivus.

hMailServer: version 5.5.2.
The version 5.5.2 is fixed:
  https://www.hmailserver.com/download_getfile/?downloadid=236

HP BSM: workaround for POODLE.
A workaround is available:
  https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM01235323?lang=en&cc=us&hpappid=OSPt

HP Business Service Management: patch for POODLE.
A patch is available in information sources.

HP Data Protector: fixed versions for Poodle.
The following versions are fixed:
  8.13_206 GRP:
    https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM00711729
  9.03MMR:
    https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM01029738

HP NNMi: solution for POODLE.
The solution is indicated in information sources.

HP Operations: solution for POODLE.
The solution is indicated in information sources.

HP SiteScope: solution for POODLE.
The solution is indicated in information sources.

HP Switch: solution for OpenSSL.
The solution is indicated in information sources.

HP TippingPoint Intrusion Prevention System: solution for POODLE.
The solution is indicated in information sources.

HP-UX: fixed versions of OpenSSL.
Versions OpenSSL are fixed:
  https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=OPENSSL11I
  HP-UX B.11.11: version A.00.09.08zc.001_HP-UX_B.11.11_32+64.depot
  HP-UX B.11.23: version A.00.09.08zc.002a_HP-UX_B.11.23_IA-PA.depot
  HP-UX B.11.31: version A.00.09.08zc.003_HP-UX_B.11.31_IA-PA.depot

HP-UX: workaround for sendmail.
A workaround is indicated in the information source.

IBM AIX: countermeasure for POODLE.
The IBM announce states how to disable SSLv3.

IBM AIX: patch for OpenSSL.
A patch is available. The announce states the applicable patch reference according to the already installed version of OpenSSL.

IBM AIX: patch for system daemons.
A patch is available in information sources. They are related to the tools ftp, sendmail, imapd, popd.

IBM Domino, Notes: solution for POODLE.
Version 9.0.1 Fix Pack 3 is fixed.
The solution for other branches is indicated in information sources.

IBM Security Directory Server: countermeasure for POODLE.
The IBM announce states how to disable SSLv3.

IBM SPSS Data Collection: solution for POODLE.
The solution is indicated in information sources.

IBM Tivoli Workload Scheduler: solution for OpenSSL.
The solution is indicated in information sources.

IE: workaround pour POODLE.
A workaround is to disable SSLv3 (be aware of compatibility issues):
 - go in Internet Options
 - tab "Avanced"
 - uncheck "Use SSL 3.0"

Ipswitch WS_FTP Server: solution for POODLE.
The solution is indicated in information sources.

Juniper: solution for POODLE.
The solution is indicated in information sources.

Mandriva BS2: new openssl packages.
New packages are available:
  Mandriva BS2: openssl 1.0.1m-1.mbs2

Mandriva: new asterisk packages.
New packages are available:
  Mandriva BS1: asterisk 11.14.1-1.mbs1

Mandriva: new openssl packages.
New packages are available:
  Mandriva BS1: openssl 1.0.0o-1.mbs1

McAfee ePO: solution for Oracle JRE.
The solution is indicated in information sources.

McAfee: solution for POODLE.
The solution is indicated in information sources.

NetBSD: patch for OpenSSL.
A patch is available in information sources.

NetIQ Sentinel Log Manager: version 1.2.2.0 HF1.
The version 1.2.2.0 HF1 is fixed:
  https://download.novell.com/Download?buildid=Pz1STL6q_Q4~

NetIQ Sentinel: version 7.2 SP2.
The version 7.2 SP2 is fixed:
  https://download.novell.com/Download?buildid=SIHFofRnkY0~

nginx: workaround for POODLE.
A workaround is to disable SSLv3 (be aware of compatibility issues with Internet Explorer 6) :
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

Node.js: version 0.10.33.
The version 0.10.33 is fixed:
  https://nodejs.org/

openSUSE 13.2: new claws-mail packages.
New packages are available:
  openSUSE 13.2: claws-mail 3.11.0-2.4.1

openSUSE Leap: new slrn packages.
New packages are available:
  openSUSE Leap 42.1: slrn 1.0.3-4.1
  openSUSE Leap 42.2: slrn 1.0.3-4.3.1

openSUSE: new libopenssl0_9_8 packages.
New packages are available:
  openSUSE 13.2: libopenssl0_9_8 0.9.8zh-9.3.1
  openSUSE Leap 42.1: libopenssl0_9_8 0.9.8zh-14.1

openSUSE: new libserf packages.
New packages are available:
  openSUSE 13.2: libserf 1-1-1.3.8-2.4.1
  openSUSE 13.1: libserf 1-1-1.3.8-20.1
  openSUSE 12.3: libserf 1-0-1.1.1-2.8.1

openSUSE: new monit packages.
New packages are available:
  openSUSE Leap 42.1: monit 5.10-10.1

openSUSE: new openssl packages.
New packages are available:
  openSUSE 12.3: openssl 1.0.1j-1.68.1
  openSUSE 13.1: openssl 1.0.1j-11.56.1
  openSUSE 13.2: openssl 1.0.1j-2.4.1

Oracle Database: CPU of July 2017.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2261562.1

Oracle Fusion Middleware: CPU of July 2017.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2261562.1

Palo Alto PAN-OS: solution for POODLE.
The solution is indicated in information sources.

Polycom: solution for POODLE.
The solution is indicated in information sources.

Postfix: workaround for POODLE.
A workaround is to disable SSLv3 (be aware of compatibility issues) :
  smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3

Puppet Enterprise: version 3.7.0.
The version 3.7.0 is fixed:
  http://puppetlabs.com/

Puppet: solution for POODLE.
The solution is indicated in information sources.

Red Hat JBoss Enterprise: patch for POODLE.
A patch is available:
  https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=appplatform&version=5.2.0
  https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=6.3.0
  https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=enterpriseweb.platform&downloadType=securityPatches&version=5.2.0

Red Hat JBoss Web Server: patch for openssl.
A patch is available:
  https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver&downloadType=securityPatches&version=2.1.0

Red Hat OpenShift Enterprise: new openshift-origin-node-proxy packages.
New packages are available:
  RHEL 6: openshift-origin-node-proxy 1.22.3.4-1.el6op, openshift-origin-node-proxy 1.16.4.2-1.el6op

Red Hat Storage Server: new openssl packages.
New packages are available:
  RHEL 6: openssl 1.0.1e-30.el6_6.2

RHEL 5: new openssl packages.
New packages are available:
  RHEL 5: openssl 0.9.8e-31.el5_11

RHEL 6, 7: new openssl packages.
New packages are available:
  RHEL 6: openssl 1.0.1e-30.el6_6.2
  RHEL 7: openssl 1.0.1e-34.el7_0.6

RHEL: new nss packages.
New packages are available:
  RHEL 5: nss 3.16.2.3-1.el5_11
  RHEL 6: nss 3.16.2.3-3.el6_6
  RHEL 7: nss 3.16.2.3-2.el7_0

RSA Authentication Manager: solution for POODLE.
The solution is indicated in information sources.

RSA enVision: solution for POODLE.
The solution is indicated in information sources.

Ruby: solution for POODLE.
The solution is indicated in information sources.

Ruggedcom ROS: version 4.2.0.
The version 4.2.0 is fixed:
  http://www.siemens.com/automation/support-request

Ruggedcom ROX: version 2.9.0.
The version 2.9.0 is fixed:
  http://www.siemens.com/automation/support-request

Slackware: new openssl packages.
New packages are available:
  Slackware 13.0: openssl 0.9.8zc-i486-1_slack13.0
  Slackware 13.1: openssl 0.9.8zc-i486-1_slack13.1
  Slackware 13.37: openssl 0.9.8zc-i486-1_slack13.37
  Slackware 14.0: openssl 1.0.1j-i486-1_slack14.0
  Slackware 14.1: openssl 1.0.1j-i486-1_slack14.1

Snare Enterprise Agent: fixed versions for OpenSSL.
Fixed versions are indicated in information sources.

Solaris 11.2: patch for OpenSSL.
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1936662.1

Solaris: patch for Third Party 03/2016.
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1

Solaris: patch for Third Party (07/2015).
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1

Solaris: patch for Third Party (08/2015).
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1

Solaris: patch for Third Party (10/2015).
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1

Solaris: patch for Third Party (12/2015).
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1

Solaris: patch for Third Party (15/04/2015).
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1

Solaris: patch for Third Party (17/02/2015).
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1

Solaris: patch for Third Party (19/05/2015).
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1

Solaris: patch for third party software of July 2016 v1.
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1

Spectracom SecureSync: solution for POODLE.
The solution is indicated in information sources.

Splunk Enterprise: version 5.0.11.
The version 5.0.11 is fixed:
  http://www.splunk.com/

Splunk Enterprise: version 6.0.7.
The version 6.0.7 is fixed:
  http://www.splunk.com/

Splunk: version 6.1.5.
The version 6.1.5 is fixed:
  http://www.splunk.com/

Splunk: workaround for POODLE.
A workaround is to disable SSLv3 (be aware of compatibility issues with Internet Explorer 6).

stunnel: version 5.06.
The version 5.06 is fixed:
  https://www.stunnel.org/downloads.html
The version 5.07 fixes a regression error.

SUSE LE 11: new openssl 0.9.8 packages.
New packages are available:
  SUSE LE 11: openssl 0.9.8j-0.66.1

SUSE LE 11: new openssl packages.
New packages are available, as indicated in information sources.

SUSE LE 11: new suseRegister packages.
New packages are available:
  SUSE LE 11: suseRegister 1.4-1.35.1

SUSE LE: new cyrus-imapd packages.
New packages are available:
  SUSE LE 11 SP4: cyrus-imapd 2.3.11-60.65.67.1
  SUSE LE 12 RTM: cyrus-imapd 2.3.18-37.1
  SUSE LE 12 SP1: cyrus-imapd 2.3.18-37.1

Synology: solution for POODLE.
The solution is indicated in information sources.

Tivoli Workload Scheduler: solution for OpenSSL and Java.
The solution is indicated in information sources.

Ubuntu 14.04: new cups packages.
New packages are available:
  Ubuntu 14.04 LTS: cups 1.7.2-0ubuntu1.7

VMware ESXi 5.0: patch ESXi500-201502001.
A patch is available:
  http://kb.vmware.com/kb/2101910

VMware ESXi 5.1: patch ESXi510-201503001.
A patch is available:
  http://kb.vmware.com/kb/2099286

VMware ESXi 5.5: patch ESXi550-201501001.
A patch is available:
  ESXi550-201501001.zip
  http://kb.vmware.com/kb/2099265

VMware vCenter Server: version 5.5 Update 2d.
The version 5.5 Update 2d is fixed:
  https://www.vmware.com/go/download-vsphere

WebSphere AS: solution for POODLE.
The solution is indicated in information sources.

WebSphere AS: version 8.0.0.10.
The version 8.0.0.10 is fixed:
  http://www-01.ibm.com/support/docview.wss?uid=swg24039242

WebSphere AS: version 8.5.5.4.
The version 8.5.5.4 is fixed:
  http://www.ibm.com/support/docview.wss?uid=swg24038539

WebSphere MQ: solution.
The solution is indicated in information sources.

WebSphere MQ: workaround for POODLE.
A workaround is forbidding cipher suites which are specific to SSL v3. The list of these suites is provided in the information source.

Windows: workaround for POODLE.
A workaround is indicated in the information source.

Wind River Linux: solution for POODLE.
The solution is indicated in information sources.

WinSCP: version 5.5.6.
The version 5.5.6 is fixed:
  http://winscp.net/eng/download.php
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides computer vulnerability patches. The Vigil@nce vulnerability database contains several thousand vulnerabilities.