topic RE: OpenSSL 3.0 Threats a.k.a POODLE in ExtremeSwitching (Other)

OpenSSL 3.0 Threats a.k.a POODLE

Ronald_Dvorak — Thu, 18 Dec 2014 18:25:00 GMT

VN-2014-003- Poodle - OpenSSL 3.0 Threat -CVE-2014-3566

What about the 800series - that one isn't listed.

IdentiFi Wireless - target release is 9.12.04 & 8.32.12 - both are out already but I don't see any information in the release notes that the bug is fixed.
Also 9.15 is a higher version then 9.12 so is that fixed in 9.15?

Thx,
Ron

RE: OpenSSL 3.0 Threats a.k.a POODLE

Drew_C — Thu, 18 Dec 2014 22:14:00 GMT

Let me ask around, Ron. I'll get back to you shortly.

RE: OpenSSL 3.0 Threats a.k.a POODLE

Drew_C — Fri, 19 Dec 2014 03:16:00 GMT

Hi Ron,
I consulted our vulnerability team and was informed that the 800-series fits in with the recommendations for the A,B,C,D,G-Series. I'm not sure why it wasn't explicitly listed in the VN posting.

In regards to IdentiFi, the issue was resolved in 8.32.13 and 9.15.01. The 9.12 software stream is end-of-support and was replaced by 9.15. I've asked them to make sure the Release Notes get updated to include this information. Thanks for pointing it out!

I hope this helps answer your questions.

-Drew

RE: OpenSSL 3.0 Threats a.k.a POODLE

Ronald_Dvorak — Fri, 19 Dec 2014 04:37:00 GMT

Hi Drew,
thanks for the clarification but unfortunately your post brought up some more questions...

I'm very surprised that 9.12 is already end of support - the first 9.12 version was released only 6 month ago.

Which brings me to a much more important question.... where could I find this information, how should a partner know which software release is supported and which is declared end of support by Extreme Networks.

I'd call the GTAC every day but I think they are kind of busy with all the tickets that I've raised already.

Ron