This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Timeline for patching SSL vulnerability (Heartbleed Bug)

Heatbleed Bug (CVE-2014-0160)

Hi

Is there any timeframe for patching this SSL/TLS bug for Astaro Security Gateway V8.
We are on the latest 8.311 (as V8 is an approved appliance for us and V9 is not).

Thanks

Heartbleed Bug
https://news.ycombinator.com/item?id=7548991

This thread was automatically locked due to age.

Parents

0 DirkR over 10 years ago

From a security company like Astaro/Sophos I EXPECT the patch to be available today! A security problem this big has to be fixed with highest priority. Also I think it shows that used libraries are not screened enough.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 DirkR over 10 years ago

From a security company like Astaro/Sophos I EXPECT the patch to be available today! A security problem this big has to be fixed with highest priority. Also I think it shows that used libraries are not screened enough.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 drees over 10 years ago in reply to DirkR

Is there any timeframe for patching this SSL/TLS bug for Astaro Security Gateway V8.
We are on the latest 8.311 (as V8 is an approved appliance for us and V9 is not).

I do not think that 8.311 is vulnerable to this bug as it appears that V8 ships with openssl 0.9.8j-fips.

From a security company like Astaro/Sophos I EXPECT the patch to be available today! A security problem this big has to be fixed with highest priority.

That is true. Where is the update for UTM 9?

Also I think it shows that used libraries are not screened enough.

Given the number of vendors and businesses affected by this, I don't think "enough screening" is the problem here.
Cancel
Vote Up 0 Vote Down

Cancel