Sidewinder 8.2.1P08 uses openssl 0.9.7h - but I'm not sure if this is actually used for the SSL-Encryption.
Do you have a specific reason for asking about the version? The packages installed on the firewall are modified from their original releases; components are removed or modified and Type Enforcement restrictions are put in place.
Yes, because of a design weakness (with renegotiation)
In the current 1.0.1? version, this is probably fixed?
0.9.7h release date: 11 October 2005
Eight years ago. ;-)
I think openssl can't be updated separately, correct?
Does anyone have an idea? :-/ Or should I open a case?
You could raise a case, but sliedl has answered your question.
The way that the underlying operating system is modified, hardened and controlled by Type Enforcement means that generic notifications concerning possible vulnerabilities in commonly-known processes (bind, sendmail, etc...) are effectively not applicable in this product. Many vulnerabilities are used to provide a way in (through the vulnerable service) so that other services or data files can be accessed or compromised.
So, even if the version of a process contained known vulnerabilities, Type Enforcement makes them irrelevant.
The key to figuring out if a particular known vulnerability is applicable to the Firewall Enterprise is finding some sort of identification number (CVE-XXXX-XXXX for example). We have many knowledge base articles available at mysupport.mcafee.com addressing vulnerabilities (just search for the CVE number).
After looking closer at your article and clicking on a few links, it appears that they are talking about "CVE-2009-3555". A quick search of this shows this article:
Firewall Enterprise/Command Center Vulnerability CVE-2009-3555 KB69935
The article shows hotfixes required for the 7.x version, but since this vulnerability (and KB article) is old and from before 8.x was released, we can assume that the vulnerability does not apply to 8.x versions.