0 Replies Latest reply on Mar 30, 2016 9:03 AM by Scott Olswold

    Pharos Omega PS-150 and the DROWN Attack

    Scott Olswold Guide

      In the ever-changing world of IT Security, CVE-2016-0800 was released publicly on 1 March 2016. This bulletin describes the "DROWN" attack (https://drownattack.com/) and compromised systems. The Pharos Omega PS-150's latest available firmware includes an OpenSLL implementation that is "at risk" for the DROWN attack. In an effort to mitigate any risk to your organization's, and patrons', security, we have made available a firmware release, version 2.2.2 Revision 11651, that implements OpenSSL 1.0.2g. Please find the link below to download a copy of this firmware for use on your PS-150 units. This link is "live" until 29 May 2016. After the 29th, please contact Pharos Customer Support for a new link.

      https://private.filesanywhere.com/pharos/fs/v.aspx?v=8970638f61666ea97267

      Instructions for upgrading the firmware on the PS-150 is inside the general documentation that comes in the downloaded package. After downloading the zip file please right-click on the .ZIP file prior to extracting it, select Properties > General TAB and if the file is blocked please click the unblock button.

      NOTE: The current Omega PS-200 firmware found on the main page of the "iMFPs, Omegas, & Sentry" Community place also protects against DROWN.