Yet another OpenSSL security advisory released January 26, 2017 has revealed four new issues ranging from moderate to low severity. We would like to reassure our customers that NetScaler is unaffected by these vulnerabilities.
CVE-2017-3731 If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash.
NetScaler does not have support for CHACHA/POLY-based cipher suites, and does not carry the affected code relating to the insecure usage of RC4-MD5. Customers may, further, choose to disable the RC4-MD5 cipher suite on NetScaler as a recommended best practice measure.
If the IPMI/LOM port on your NetScaler hardware appliance is configured to connect to servers that may use RC4-MD5, please ensure that it is only configured to connect to trusted servers. The trusted server should not negotiate a connection using the insecure RC4-MD5 cipher suite to avoid exposure to this known vulnerability.
Turn off RC4-MD5 on NetScaler
Read the entire article here, OpenSSL January 2017 Advisory and NetScaler
via the fine folks at Citrix Systems, Inc.