Heartbleed vendor notifications
As people are running around having an entertaining day we thought it might be a good idea to keep track of the various vendor notifications. I'd like to start a list here and either via comments or sending it let us know of vendor notifications relating to this issue. Please provide comments to the original article relating to the vulnerability itself, and use this post to only provide links to vendor notifications rather than articles etc about the issue.
So far:
- CACert - https://blog.cacert.org/2014/04/openssl-heartbleed-bug/
- Cisco - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
- Fortinet - http://www.fortiguard.com/advisory/FG-IR-14-011/
- Gentoo Linux - http://www.gentoo.org/security/en/glsa/glsa-201404-07.xml
- Juniper - http://kb.juniper.net/InfoCenter/index?page=content&id=KB29004 (login required)
- Juniper - http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10623
- F5 - http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html
- Novell - http://support.novell.com/security/cve/CVE-2014-0160.html
- OpenVPN - https://community.openvpn.net/openvpn/wiki/heartbleed
- Aruba - http://www.arubanetworks.com/support/alerts/aid-040814.asc
- CheckPoint - https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk100173
- openssl - https://www.openssl.org/news/secadv_20140407.txt
- redhat - https://access.redhat.com/security/cve/CVE-2014-0160
- Slackware - hxxp://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.533622
- sparklabs/viscosity openvpn client - https://www.sparklabs.com/viscosity/releasenotes/
- watchguard - http://watchguardsecuritycenter.com/2014/04/08/the-heartbleed-openssl-vulnerability-patch-openssl-asap/
- viscosity - https://www.sparklabs.com/blog/
There are no doubt more please add them via comments. Please stick to security related products, operating systems and core infrastructure items.
Apple users: OS X Mavericks (10.9) ships by default with OpenSSL 0.9.8. However, if you are using mac ports, OpenSSL 1.0.1 is installed. An update is available (run "sudo upgrade outdated").
an NMAP script has also been released to check for the vunerability According to the tweet "script ssl-heartbleed.nse committed to #nmap as rev 32798" That should help speed up checking.
We have started seeing active checking for this issue, so I would encourage people to hurry up and patch.
Cheers
Mark H
Keywords:
76 comment(s)
×
Diary Archives
Comments
Also have some workarounds via IPS signs.
Anonymous
Apr 9th 2014
1 decade ago
Anonymous
Apr 9th 2014
1 decade ago
Anonymous
Apr 9th 2014
1 decade ago
http://security.gentoo.org/glsa/glsa-201404-07.xml
Anonymous
Apr 9th 2014
1 decade ago
Anonymous
Apr 9th 2014
1 decade ago
UTM up to 9.6 vulnerable
SUM 4.1 may be vulnerable
Anonymous
Apr 9th 2014
1 decade ago
Anonymous
Apr 9th 2014
1 decade ago
http://mgabor.blogs.balabit.com/2014/04/09/shell-control-box-a-perfect-fit-against-the-heartbleed-bug/
Anonymous
Apr 9th 2014
1 decade ago
"McAfee is aware of the Heartbleed Vulnerability (CVE-2014-0160). This is a vulnerability in OpenSSL that could allow an attacker to gain access to system memory (in 64K chunks) which potentially could contain sensitive information or communications.
McAfee is investigating affected products and will be provide additional information via SNS today."
Anonymous
Apr 9th 2014
1 decade ago
"NoMachine has already commenced building and testing its own software with the updated OpenSSL libraries. The new packages will be released as soon..."
Anonymous
Apr 9th 2014
1 decade ago