What is the heartbleed bug?
It sounds like a medical condition, but this is actually a serious security vulnerability for websites, servers, gateways, etc, trusting OpenSSL to protect their data. This compromises secret keys, user names and passwords, as well as the actual content, allowing attackers to eavesdrop on communication and steal data directly from servers, web sites and users.
How to fix the bug?
A fixed version of OpenSSL was released on April 7th at the same time as Heartbleed was publicly disclosed. Vendors have released official statements to let you know what you need to do, if anything. Please check the table below to access the relevant bulletins from our vendor portfolio:
|Active Communications||not affected|
|Audiocodes||Gateways and SBCs with release 6.8 or later are affected. AudioCodes plans to release a patch for software version 6.8 on April 30th 2014. Official bulletin|
|Extreme Networks||Products affected include certain releases of Black Diamond Series, Summit Series, E4G, NetSight appliances, NAC & IA appliances and Purview appliances. Full details and actions|
|Oracle||Some products are affected, and have fixes available. Full product list|
|Polycom||HDX 3.1 and greater, Group Series, RMX, and some SoundPoints are amongst products affected. Full product list and actions|
|Radware||FastView, v5.0 and AppWall v5.7, both with fixes available. Official bulletin|
|Sonus||The Sonus SBC 5K v4.0.x is vulnerable – a patch is being built to address the issue. Customers are advised against upgrading from any earlier releases to 4.0 at this time.Full details|