By now, you should have heard of “Heartbleed” and it’s hopefully not causing you too many headaches.
The OpenSSL project has issued a CVE with regards to memory-contents leakage in the TLS heartbeat extension. CVE-2014-0160, also known as the heartbleed vulnerability, affects products using the OpenSSL library versions 1.0.1 and 1.0.2.
We have been keeping up with all the latest information from our partners regarding which products may be affected and any solutions or work-arounds they have put in place.
Riverbed have released information relating to each of their products that tell you what exactly is affected, how it is affected and how to put work-arounds in place on their support pages.
Palo Alto Networks
Palo Alto Networks has released multiple protections since the threat, which you can update to, to protect yourself from exploitation of this vulnerability. Palo Alto Networks itself is not affected by Heartbleed, but as a leader in security, they offer advice and support, well worth a read, through their blog and news articles. Start your reading with 8 tips for dealing with Heartbleed now.
Talari Networks has sent an email out to their customers advising which appliances and software versions are affected. They have since released software to resolve these issues. If you have not received this email from Talari, please contact us and we can pass the information on.
Castle Rock Computing
Castle Rock has confirmed that SNMPc and SNMPc Online do not use the version of OpenSSL affected by the vulnerability.
Keep up to date with the latest news
We will be keeping up to date with all the latest information and updates, so please get in touch with any questions or concerns at firstname.lastname@example.org
To keep up to date with what we know, follow us on Twitter