Quantcast
Channel: THWACK: Message List - Security Event Manager (SEM) - Formerly Log & Event Manager
Viewing all articles
Browse latest Browse all 5385

Heartbleed and the LEM

$
0
0

Hey all!

 

We've had only one person call into support to ask this so far that I know of, but I figure I'll post this:

 

The LEM is safe from Heartbleed.

 

If you don't know what Heartbleed is, you ought to go find out, especially if you use any OpenSSL in your environment.

 

What version of OpenSSL is the LEM using?

 

I ran the dpkg --list on my lab LEM for your benefit and to verify.  The version in LEM 5.7 is:

 

openssl 0.9.8o-4squeeze14

 

As with many applications, if you're not on 5.7, you should upgrade to make sure you have the latest security patches and vulnerability fixes, as well as the newest and coolest features.

 

What versions of the OpenSSL are affected?

 

Status of different versions:

 

OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable

OpenSSL 1.0.1g is NOT vulnerable

OpenSSL 1.0.0 branch is NOT vulnerable

OpenSSL 0.9.8 branch is NOT vulnerable

 

Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.


Viewing all articles
Browse latest Browse all 5385

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>