On May 3, 2016, a new version of the OpenSSL library was released. The latest version (1.0.2h) addresses several security vulnerabilities, including two marked as “high” severity. To ensure our customers continue to get world-class security, we have updated Verizon Digital Media Services’ global CDN to use the latest version (1.0.2h) of the OpenSSL library.
The following high-severity vulnerabilities have been addressed in version 1.0.2h:
For a complete list of the vulnerabilities addressed in the release, please see the OpenSSL Security Advisory: https://www.openssl.org/news/secadv/20160503.txt
To ensure comprehensive security of web applications, we advise our customers to upgrade their applications and origin infrastructure to use version 1.0.2h of the OpenSSL library. If you are using version 1.0.1, you are advised to upgrade to version 1.0.1t, which was also released on May 3, 2016. Please note that OpenSSL will end support for version 1.0.1 on December 31, 2016.
Dave Andrews, Sec.C Lead Engineer
Vikas Phonsa, Senior Product Manager — Security Solutions