Heartbleed bug: what resellers must know

Heartbleed bug: what resellers must know

What is the heartbleed bug?

It sounds like a medical condition, but this is actually a serious security vulnerability for websites, servers, gateways, etc, trusting OpenSSL to protect their data. This compromises secret keys, user names and passwords, as well as the actual content, allowing attackers to eavesdrop on communication and steal data directly from servers, web sites and users.

How to fix the bug?

A fixed version of OpenSSL was released on April 7th at the same time as Heartbleed was publicly disclosed. Vendors have released official statements to let you know what you need to do, if anything. Please check the table below to access the relevant bulletins from our vendor portfolio:

Active Communications not affected
Audiocodes Gateways and SBCs with release 6.8 or later are affected. AudioCodes plans to release a patch for software version 6.8 on April 30th 2014. Official bulletin
Extreme Networks Products affected include certain releases of Black Diamond Series, Summit Series, E4G, NetSight appliances, NAC & IA appliances and Purview appliances. Full details and actions
Oracle Some products are affected, and have fixes available. Full product list
Polycom HDX 3.1 and greater, Group Series, RMX, and some SoundPoints are amongst products affected. Full product list and actions
Radware FastView, v5.0 and AppWall v5.7, both with fixes available. Official bulletin
SMART not affected
Snom not affected
Sonus The Sonus SBC 5K v4.0.x is vulnerable – a patch is being built to address the issue.  Customers are advised against upgrading from any earlier releases to 4.0 at this time.Full details
Official Heartbleed Website

Share This Story!

About Author

Get Automatic Updates

Enter your email to receive automatic updates when new posts are created on the discoverUCC blog:

Related Posts