I have an old SA-3000 that I'm planning on replacing. In the meantime, does it use GNU TLS? I have a fairly strict security environment (yes, please don't laugh, a decade-old SA-3000 doesn't really mesh with a "strict security environment") and need to know if I need to discontinue its use until we can get the MAG 4610s in place.
This is about the recently discovered GNU TLS library vulnerabilities.
Things like vulnerable do not really have anything to do with the hardware. More if you can have a software version installed on the box that closes the gap.
I guess you are on the latest IVE OS version available for the box. If there however have been no updates available for the box over the past months, you can pretty sure state that the GNU TLS bug is not and will not be resolved for this system.
Generally, for this type of question I look to the release notes for the software updates that occurred since the vulnerability was announced. Open each one and search for the key word.
the other method is to open a JTAC ticket with the request to know what software version released this fix for your platform.
Hopefully, someone knows a better way to get an answer than these.
I was introduced to the Security Advisory database. A much simpler way to find out the software releases needed for specific security flaws. This lists the affected platforms and OS and the release where the fix was delivered.
And what if the hardware acceleration to offload cryptographic is vulnerable to this bug?