Knowledge Search


×
 

Junos Pulse/IC (UAC): Details on fixes for OpenSSL "Heartbleed" issue (CVE-2014-0160)/JSA10623

  [KB29007] Show Article Properties


Summary:
This article provides detailed information related to the fixes for OpenSSL "Heartbleed" issue (CVE-2014-0160)/JSA10623  for UAC products.

Reference: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10623

Server Side:
1. Unified Access Control software versions 5.0r1 to 5.0r3
2. Unified Access Control software versions 4.4r1 to 4.4r8

Client Side:
1. Junos Pulse (Desktop) version 5.0R1 to 5.0R3
2. Junos Pulse (Desktop) 4.0R5 to 4.0R9.1
3. Odyssey Access Client (OAC) software version 5.6r5 to 5.6r9




Symptoms:
 n/a
Cause:
 n/a
Solution:
Juniper Networks has released the following versions of software to resolve this issue on the server side and client side for its UAC product family. The fixed build includes OpenSSL libraries with disabled heartbeat extension options (using the openssl option -DOPENSSL_NO_HEARTBEATS)

1. UAC software version 5.0R3.2 is available for download from our download site
2. Junos Pulse desktop clients versions 5.0R3.1 and 4.0R9.2 are available for download from our download site
3. Odyssey Access Client version 5.6r9.1 is available for download from our download site  Odyssey Access Client FIPS Edition version 5.6r9.1 is available for download from our download site
4. UAC software version 4.4R10.0 is available for download from our download site

For a list of Frequently Asked Questions, please refer to the FAQ section of KB27004
Related Links: