DROWN Vulnerability with SSLv2

Posted by ownCloud GmbH – 2. March 2016

We would like to provide you an update on the latest OpenSSL vulnerability known as DROWN. DROWN is a vulnerability that can affect HTTPS servers and other SSL and TLS services. We have received concerns about how this might affect ownCloud and while I’m happy to announce that ownCloud itself remains unaffected, some of the servers on which ownCloud may run could be vulnerable if they are running SSLv2 services.

In response to this threat, we recommend that you upgrade your servers to the latest vendor packages, so that you are no longer exposed to the vulnerability, and to restart the appropriate services. See https://drownattack.com/ for more information, and visit https://test.drownattack.com/ to see if your servers may be vulnerable. If you are unable to do this in such a short amount of time, it is recommended that you disable SSLv2 services ASAP.

If you are using one of the ownCloud clients for Windows, MacOS, Linux, Android and iOS, no worries, they are unaffected and there is no specific update required.

Please fill out the form below to get your download.

Please deactivate your script blocker or use a different browser to load the form.

By submitting this form, you are granting ownCloud GmbH permission to contact you. You can revoke permission any time using the unsubscribe link found at the bottom of every email or by sending an email to info@owncloud.com