<?xml version="1.0" encoding="UTF-8"?>
<cvrf:cvrfdoc xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:cvrf-common="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/common" xmlns:cvrf="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/cvrf">
    <cvrf:DocumentTitle>OpenSSL Advisory - December 2015</cvrf:DocumentTitle>
    <cvrf:DocumentType>Fortinet PSIRT Advisories</cvrf:DocumentType>
    <cvrf:DocumentPublisher Type="Vendor">
        <cvrf:ContactDetails>
            Fortinet PSIRT Contact:
            Website: https://fortiguard.fortinet.com/faq/psirt-contact
        </cvrf:ContactDetails>
     </cvrf:DocumentPublisher>
    <cvrf:DocumentTracking>
        <cvrf:Identification>
            <cvrf:ID>FG-IR-15-023</cvrf:ID>
        </cvrf:Identification>
        <cvrf:Status>Final</cvrf:Status>
        <cvrf:Version>1</cvrf:Version>
        <cvrf:RevisionHistory>
            <cvrf:Revision>
                <cvrf:Number>1</cvrf:Number>
                <cvrf:Date>2015-12-10T00:00:00</cvrf:Date>
                <cvrf:Description>Current version</cvrf:Description>
        </cvrf:Revision>
       </cvrf:RevisionHistory>
        <cvrf:InitialReleaseDate>2015-12-10T00:00:00</cvrf:InitialReleaseDate>
        <cvrf:CurrentReleaseDate>2015-12-10T00:00:00</cvrf:CurrentReleaseDate>
    </cvrf:DocumentTracking>
    <cvrf:DocumentNotes>
        <cvrf:Note Title="Summary" Type="Summary" Ordinal="1">
            None
        </cvrf:Note>
        <cvrf:Note Title="Description" Type="General" Ordinal="2">
            OpenSSL released an update in December 2015 to address a small number of vulnerabilities.
        </cvrf:Note>
        <cvrf:Note Title="Impact" Type="General" Ordinal="3">
            Denial of Service, Information Disclosure
        </cvrf:Note>
        <cvrf:Note Title="Solutions" Type="General" Ordinal="4">
            Regarding the recent OpenSSL updates that address CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196 and CVE-2015-1794, Fortinet will update OpenSSL in the following releases: FortiOS 5.2.6 and 5.4.0; FortiManager 5.2.5 and 5.4.1; FortiMail 5.3.1 (already fixed in 5.0.9, 5.1.6 and 5.2.7); FortiAuthenticator 4.1; FortiAnalyzer 5.2.5 and 5.4.1; FortiWAN 4.1.2; FortiADC 4.4.0; FortiClient Mac 5.4.1; FortiClient Android 5.2.8; FortiClient iOS 5.2.3; FortiClient 5.4.1; FortiAP 5.4; FortiExtender 2.0.3 and 3.0.0; FortiSwitch-EFX 3.4.0; FortiSwitch 3.4.0; FortiCache 5.2.6; FortiDDoS 4.1.11 and 4.2; FortiRecorder 2.3; FortiDB 5.2; FortiExplorer 2.7.0; FortiSandbox 2.2; FortiWeb 5.5.2; FortiVoice 5.2.1.82. Other products not listed are, as of this writing, determined not to be vulnerable. Fortinet believes the exploitability and risk of these vulnerabilities are low or non-existent. For more information, please contact Fortinet's Technical Assistance Center (TAC).
        </cvrf:Note>
    </cvrf:DocumentNotes>
    <cvrf:DocumentReferences>
        <cvrf:Reference>
            <cvrf:URL>https://fortiguard.fortinet.com/psirt/FG-IR-15-023</cvrf:URL>
            <cvrf:Description>OpenSSL Advisory - December 2015</cvrf:Description>
        </cvrf:Reference>
        <cvrf:Reference>
            <cvrf:URL>https://www.openssl.org/news/secadv/20151203.txt</cvrf:URL>
            <cvrf:Description>https://www.openssl.org/news/secadv/20151203.txt</cvrf:Description>
        </cvrf:Reference>
    </cvrf:DocumentReferences>
    <Vulnerability Ordinal="1">
        <Title>OpenSSL Advisory - December 2015</Title>
        <cvrf:CVE>CVE-2015-3193</cvrf:CVE>
        <cvrf:CVE>CVE-2015-3194</cvrf:CVE>
        <cvrf:CVE>CVE-2015-3195</cvrf:CVE>
        <cvrf:CVE>CVE-2015-3196</cvrf:CVE>
        <cvrf:CVE>CVE-2015-1794</cvrf:CVE>
        <References Type="Self">
            <Reference>
                <URL>https://fortiguard.fortinet.com/psirt/FG-IR-15-023</URL>
                <Description>OpenSSL Advisory - December 2015</Description>
            </Reference>
            <Reference>
                <URL>https://www.openssl.org/news/secadv/20151203.txt</URL>
                <Description>https://www.openssl.org/news/secadv/20151203.txt</Description>
            </Reference>
        </References>
    </Vulnerability>
</cvrf:cvrfdoc>