
Sophos and Heartbleed

Hi there, are there any Sophos products affected by the OpenSSL Heartbleed bug?

  • Remember: OpenSSL v1.0.0 and all v0.9.x are _not_ vulnerable. They introduced the TLS/DTLS heartbeat feature in v1.0.1 (see overview here: https://en.wikipedia.org/wiki/OpenSSL#Major_version_releases ), so everything after that incl. v1.0.1 is vulnerable.

    Based on these facts, here are my findings from my Sophos Enterprise Console server: see screenshot.

    My S009 CID is populated with the Sophos Endpoint Security "Preview" version which is v10.3.7.

    It looks like *only* the AutoUpdater (SAU) and Firewall (SCF) of the Preview version v10.3.7 are using the vulnerable version of OpenSSL.

    The other SAV CIDs/versions are not affected *right now*... but they will be... starting this month (compare staggered upgrade cycle overview here: http://www.sophos.com/en-us/support/knowledgebase/120189.aspx ) with 'Recommended' and 'Extended'! Then in May with 'Previous Recommended' and later on in July 'Previous Extended' will be upgraded to v10.3.7 too.

    I wouldn't rely on this information though and await an official answer from Sophos.

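A small inventory check to go with the reply above, added here as an example and not part of the original thread or any Sophos tooling. The reply treats every release from 1.0.1 onward as affected; the checker below encodes the affected range as actually published for CVE-2014-0160 (1.0.1 through 1.0.1f and 1.0.2-beta1 affected; 1.0.1g and 1.0.2-beta2 carry the fix; 0.9.x and 1.0.0 never shipped the heartbeat extension). The component names and version strings in `SAMPLE_INVENTORY` are constructed, not taken from a real CID listing.

```python
"""Classify OpenSSL version strings against the Heartbleed affected range.

Added example, not from the original post. The affected range is the one
published for CVE-2014-0160: 1.0.1 .. 1.0.1f and 1.0.2-beta1 are affected,
1.0.1g and 1.0.2-beta2 are fixed, anything before 1.0.1 lacks the feature.
"""
import re
from typing import List, Optional, Tuple

# Matches "1.0.1e", "0.9.8y", "1.0.2-beta1", "1.0.1" (letter may be empty).
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-beta(\d+))?$")


def parse_version(text: str) -> Optional[Tuple[int, int, int, str, Optional[int]]]:
    """Return (major, minor, patch, letter, beta) or None if unparseable."""
    match = VERSION_RE.match(text.strip())
    if not match:
        return None
    major, minor, patch, letter, beta = match.groups()
    return (int(major), int(minor), int(patch), letter, int(beta) if beta else None)


def is_heartbleed_vulnerable(version: str) -> Optional[bool]:
    """True if the version is in the affected range, False if not, None if unparseable."""
    parsed = parse_version(version)
    if parsed is None:
        return None
    major, minor, patch, letter, beta = parsed
    line = (major, minor, patch)
    if line < (1, 0, 1):
        # 0.9.x and 1.0.0: no TLS/DTLS heartbeat extension at all.
        return False
    if line == (1, 0, 1):
        # Any 1.0.1 pre-release predates the fix; releases a-f are affected,
        # 1.0.1g (and later letters) contain the fix.
        if beta is not None:
            return True
        return letter < "g"
    if line == (1, 0, 2):
        # Only 1.0.2-beta1 was affected; beta2 and the final 1.0.2 are fixed.
        return beta == 1
    # 1.1.x and later were released after the fix.
    return False


# Constructed sample: "<component>\t<openssl version>". Not real Sophos data.
SAMPLE_INVENTORY = [
    "# component\topenssl version (constructed sample)",
    "updater component\t1.0.1e",
    "firewall component\t1.0.1e",
    "scanner component\t1.0.0",
    "legacy agent\t0.9.8y",
    "patched build\t1.0.1g",
    "unknown build\tn/a",
]


def audit_inventory(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (component, version, status) for each non-comment inventory line."""
    report = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        component, version = line.split("\t", 1)
        status = is_heartbleed_vulnerable(version)
        if status is None:
            label = "unparseable"
        elif status:
            label = "VULNERABLE"
        else:
            label = "not affected"
        report.append((component, version, label))
    return report


if __name__ == "__main__":
    for component, version, label in audit_inventory(SAMPLE_INVENTORY):
        print(f"{component:22s} {version:12s} {label}")
```

Feed it whatever version strings you pull from the OpenSSL DLLs or libraries in each CID; a component only counts as clear once its version parses and lands outside the affected range, so an unparseable string is reported separately rather than silently treated as safe.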