Advisory Notice - TLS heartbeat read overrun (CVE-2014-0160)

If you're reading this, you're probably already familiar with the "Heartbleed" vulnerability in certain versions of OpenSSL.

The issue doesn't reside within our CryptoComply module. It is in the upstream OpenSSL stack, which is outside of the FIPS boundary. While there is no impact to FIPS, we know that customers are using our binaries built with upstream OpenSSL.

We responded and had new builds commencing within a few hours of the notice. Builds are available in the downloads area of the knowledge base. Binaries whose names begin with the prefix "openssl101g-" are the patched versions (e.g., the 64-bit Linux build with CryptoComply is "openssl101g-linux-el6-x86_64").

If you're running CryptoComply with upstream OpenSSL compiled, we recommend that you migrate to this version.
