This article applies to BoKS Manager 6.7.0, 6.7.1 and 7.0.0.
OpenSSL Security Advisory of 2016-09-22 lists multiple vulnerabilities in the OpenSSL library used for encryption of network communication in BoKS Manager.
Two of the vulnerabilities have severity Medium or higher and hotfixing is recommended:
For details see advisory notes 12752 and 12759 in the FoxT customer support portal.
Resolution / Workaround
To resolve these issues, apply hotfix HFBM-0153 (BoKS 6.7) or HFBM-0154 (BoKS 7.0), available for download from the HelpSystems Community Portal.
This hotfix upgrades the OpenSSL library used in BoKS SSL/TLS servers to version 1.0.2j where CVE-2016-6304 and CVE-2016-2183 have been fixed.
This hotfix also fixes two less severe issues:
Still have questions? We can help. Submit a case to Technical Support.