OpenSSL Security Notififcation

We would advise customers of a community announcement made on 7th April 2014 regarding a security vulnerability in the OpenSSL framework.

The vulnerability, referred as ‘The Heartbleed Bug’ or ‘CVE-2014-0160’, is in OpenSSL’s implementation of TLS (Transport Layer Security), and affects versions of OpenSSL in the 1.0.1 series up to and including 1.0.1f

This vulnerability applies to various Unix platforms. It is serious, and if left untouched may expose private keys. Software patches are available to resolve the threat.

Netnorth have tested our own platforms and our community servers, and where necessary have mitigated against the potential threat. We would advise that customers with co-located servers and administrative control of hosted services take immediate action to bring this product up-to-date.

Further information can be found http://heartbleed.com
If you have any concerns, please contact Netnorth suppport.

 

Bookmark the permalink.

Leave a Reply