On June 5th 2014 the OpenSSL Project published an advisory listing seven security defects in their software along with an update to fix them.
Certain Sophos products use the OpenSSL cryptography libraries and hence this article provides information on the issue in relation to our products.
Important: We are fully investigating this issue and will update this article to provide further information when available.
Applies to the following Sophos product(s) and version(s): Sophos UTM, PureMessage for Unix, Sophos Email Appliance, Sophos Web Appliance, Sophos UTM Manager, Sophos Cloud
See the table below for a list of CVE numbers and brief description.
†CVE provides a standardized reference number and information on public security vulnerabilities and exposures. For more information see the cve.mitre.org website.
The list of defects as published by the OpenSSL Project can be found at the following link:
Until the latest software release on June 5th all versions of OpenSSL in client applications were vulnerable. The flaw goes back to the origin of the code in 1998. Only versions 1.0.1 and higher of the server are vulnerable.
For more information see our Naked Security blog article:
No. Heartbleed (CVE-2014-0160) was disclosed by the OpenSSL Project on April 7th 2014 and was an earlier software defect.
The table below lists the affected Sophos products, associated CVE number, and further information.
Important: When our development teams complete their investigation all affected products and resolutions will be listed. If a product is not listed in the table below it is not affected in any way.
The affected versions will be fixed in the respective versions below:
v8.312 (released - Please check KBA 121112 for update instructions)
v9.113 (released - Please check KBA 121112 for update instructions)
v9.203 (released - Please check KBA 121112 for update instructions)
Patched in version 4.107 (released): Up2date link, MD5SUM: be4f0d72e7266882bb3cd63cdc92bb90, File size ~198MB
Patched in version 4.201 (released): Up2date link, MD5SUM: 42ddbb8f7eb30cc98a23f2f88b0e52fe, File size ~50MB