Copy link to clipboard
Copied
Is RTMPS affected by following vulnerabilitys?
I use AMS 5.0.3 on CentOS 6.4.
CVE-2014-3508,CVE-2014-5139,CVE-2014-3509,CVE-2014-3505,
CVE-2014-3506,CVE-2014-3507,CVE-2014-3510,CVE-2014-3511,
CVE-2014-3512
Thanks.
Copy link to clipboard
Copied
Hi
AMS 5.0.6 has the OpenSSL fix.
Please get it from updaters page.
http://www.adobe.com/support/flashmediaserver/downloads_updaters.html
Release notes are here
Copy link to clipboard
Copied
Thank you for your reply.
I read Release notes of AMS 5.0.6.
"Bundled OpenSSL version has been updated to openssl-1.0.1h."
Isn't openssl-1.0.1h affected by following vulnerabilitys?
CVE-2014-3508,CVE-2014-5139,CVE-2014-3509,CVE-2014-3505,
CVE-2014-3506,CVE-2014-3507,CVE-2014-3510,CVE-2014-3511,
CVE-2014-3512
Thanks.
Copy link to clipboard
Copied
Copy link to clipboard
Copied
> http://www.openssl.org/news/secadv_20140605.txt
secadv_20140605.txt doesn't mention about vulnerabilities below.
CVE-2014-3508,CVE-2014-5139,CVE-2014-3509,CVE-2014-3505,
CVE-2014-3506,CVE-2014-3507,CVE-2014-3510,CVE-2014-3511,
CVE-2014-3512
As far as I know, we need to use openssl-1.0.1i to cope with them.
Is AMS 5.0.6 coped with them?
Copy link to clipboard
Copied
The issues reportedly fixed on 1.0.1i do not affect AMS.
Copy link to clipboard
Copied
Thank you for your reply.
Is AMS unrelated to CVE-2014-3511 ?
OpenSSL TLS protocol downgrade attack (CVE-2014-3511)
OpenSSL 1.0.1 SSL/TLS server users should upgrade to 1.0.1i.
https://www.openssl.org/news/secadv_20140806.txt
Thanks.