Vulnerability TSL and SSL protocols: Citrix upgrade the Secure Gateway, NetScaler and Access Gateway Enterprise - Update
Newly discovered vulnerability in the renegotiation protocol Transport Layer Security (TLS) and Secure Socket Layer (SSL) that could allow you to insert code at the beginning of a stream of data being protected.
So Citrix has released an update of the Secure Gateway to solve the problem. But this raises a question: all other products that use TLS / SSL (in particular Citrix Access Gateway Standard and Advanced) are immune?
For now you can download and update the Citrix Secure Gateway 3.0 and 3.1:
- Secure Gateway Version 3.0 Hotfix 10
- Secure Gateway Version 3.1.3
- Transport Layer Security Vulnerability Renegotiation
Update: Citrix has released an update to immediately NetScaler and Access Gateway Enterprise for which you need to update the firmware to at least version 8.1 build 68.7 to 99.8 and to build for version 9.1.
You can download updates to the following addresses:
Other articles on similar topics:
- Vulnerability in Citrix Secure Gateway 3.1.4
- Vulnerability in Citrix Secure Gateway 3.1
- New security bulletin: Cross Site Scripting Vulnerability in Citrix Access Gateway Enterprise Edition Logon Portal
- Citrix Secure Gateway version 3.1.2 arrives
- Access Gateway Enterprise Edition 8.0, Maintenance Build 50.3
- Citrix released Hotfix AAC450W005 for Access Gateway Advanced Edition 4.5
- Access Gateway Standard and Enterprise: New firmware released with the theme "carbon fiber"
