Mar 24, 2016 - 12:00 a.m.

SOL93122894 - OpenSSL vulnerability CVE-2016-0705

support.f5.com

EPSS: 0.04 (Low); percentile 92.1%

** In the default configuration there is no network access vector. There is no known exposure in the default configuration. Customized applications that parse DSA keys from untrusted input sources may expose this issue; however, that is a rare configuration. In most cases, this issue would be exposed only to a logged-in user attempting to exploit the vulnerability on the BIG-IQ system.

Vulnerability Recommended Actions

If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.

To mitigate this vulnerability, you can restrict administrative access to trusted users only. Additionally, avoid the processing or use of DSA keys from untrusted sources in any iRulesLX, iAppsLX, or ECV.

Impact of action: Performing the previous action should not have a negative impact on your system.
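
One way to enforce the "no DSA keys from untrusted sources" mitigation in custom code is to screen key material before any OpenSSL-backed parser sees it. The following is an added example, not F5 code, written in JavaScript because iRulesLX extensions run on Node.js. The function names and the RSA/EC allow-list are assumptions made for illustration.

```javascript
// Added example, not F5 code. An untrusted PEM key reaches an OpenSSL-backed
// parser only if its AlgorithmIdentifier is allow-listed; DSA never is.
const ALLOWED_OIDS = new Map([ // key: hex of the OID content bytes
  ['2a864886f70d010101', 'rsaEncryption'], // 1.2.840.113549.1.1.1
  ['2a8648ce3d0201', 'id-ecPublicKey'],    // 1.2.840.10045.2.1
]);
// Exactly one PKCS#8 or SubjectPublicKeyInfo block. Labels such as
// "DSA PRIVATE KEY" or "ENCRYPTED PRIVATE KEY" do not match and are refused.
const SINGLE_PEM = /^-----BEGIN (PRIVATE KEY|PUBLIC KEY)-----\s+([A-Za-z0-9+\/=\s]+)-----END \1-----\s*$/;

// Strict DER TLV reader: definite, minimal-length encodings only.
function readTlv(buf, pos, wantTag) {
  if (pos + 2 > buf.length || buf[pos] !== wantTag) throw new Error('unexpected tag');
  let len = buf[pos + 1];
  let start = pos + 2;
  if (len & 0x80) {
    const n = len & 0x7f;
    if (n < 1 || n > 2 || start + n > buf.length) throw new Error('bad length');
    len = buf.readUIntBE(start, n);
    start += n;
    if (len < (n === 1 ? 0x80 : 0x100)) throw new Error('non-minimal length');
  }
  if (start + len > buf.length) throw new Error('truncated');
  return { start, end: start + len };
}

// Returns the algorithm OID (hex) of a PrivateKeyInfo or SubjectPublicKeyInfo.
function algorithmOid(der, isPrivate) {
  const outer = readTlv(der, 0, 0x30);
  if (outer.end !== der.length) throw new Error('trailing data');
  const pos = isPrivate ? readTlv(der, outer.start, 0x02).end : outer.start;
  const alg = readTlv(der, pos, 0x30);
  const oid = readTlv(der, alg.start, 0x06);
  if (oid.end > alg.end) throw new Error('bad nesting');
  return der.toString('hex', oid.start, oid.end);
}

// Returns { allowed, reason, der }. Hand `der`, not the original text, onward.
function screenUntrustedKey(pemText) {
  const m = SINGLE_PEM.exec(String(pemText).trim());
  if (!m) return { allowed: false, reason: 'not a single PKCS#8 or SPKI PEM block' };
  const der = Buffer.from(m[2], 'base64');
  try {
    const oid = algorithmOid(der, m[1] === 'PRIVATE KEY');
    if (ALLOWED_OIDS.has(oid)) return { allowed: true, reason: ALLOWED_OIDS.get(oid), der };
    return { allowed: false, reason: `algorithm OID not allowed: ${oid}` };
  } catch (err) {
    return { allowed: false, reason: `malformed DER: ${err.message}` };
  }
}
```

The screen fails closed: anything it cannot read as strict DER, or that names an algorithm outside the allow-list, is refused before a key parser is invoked.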

Supplemental Information

  • SOL9970: Subscribing to email notifications regarding F5 products
  • SOL9957: Creating a custom RSS feed to view new and updated documents
  • SOL4602: Overview of the F5 security vulnerability response policy
  • SOL4918: Overview of the F5 critical issue hotfix policy
  • SOL167: Downloading software and firmware from F5
  • SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)
  • SOL10025: Managing BIG-IP product hotfixes (10.x)