OpenSSL SSL/TLS clients and servers are being compromised by man-in-the-middle (MITM) attacks. In this attack, a hacker can decrypt and modify traffic between vulnerable clients and servers. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers appear to be vulnerable to just OpenSSL 1.0.1 and 1.0.2-beta1. This vulnerability affects Symantec Secure Email Proxy and Symantec Secure App Proxy.
The attached file is an ISO that contains a script. The script detects App Proxy or Email Proxy installation, displays currently used versions of OpenSSL and the version to be applied, and prompts you to apply the patch.
Mount the .iso.
3. Type the following command:
Symantec Secure Email Proxy server 4.4 and later
Symantec Secure App Proxy server 4.4 and later
Imported Document ID: TECH222815
ISO with a script & OpenSSL binaries ISO with apply.sh script and openssl executable/so files