Sophos AP/APX users may experience issues registering to Sophos Central. More info available here: Central Wireless
The OpenSSL team announced on Monday July 6th 2015, that it had a high severity update coming out in three days' time. The update was published Thursday July 9th 2015.
Applies to the following Sophos products and versions
Not product specific
No Sophos products are at risk from this bug.
Only the current pre-release Beta version of Sophos Management Communication System (MCS 3.0.0 Beta), a component used by Sophos Central and UTM Endpoint products, includes an affected version of OpenSSL. However, MCS does not use the relevant part of the OpenSSL code for certificate verification, so cannot fall foul of the bug. Nevertheless, we expect to update MCS 3 Beta with the latest OpenSSL version by mid-August 2015. All other Sophos product families either don't use OpenSSL at all, or use one of the unaffected versions.
No action is required as no Sophos products are affected.
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable for us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.