Heartbleed vendor notifications

Heartbleed vendor notifications
As people are running around having an entertaining day we thought it might be a good idea to keep track of the various vendor notifications. I'd like to start a list here and either via comments or sending it let us know of vendor notifications relating to this issue. Please provide comments to the original article relating to the vulnerability itself, and use this post to only provide links to vendor notifications rather than articles etc about the issue. So far: CACert - https://blog.cacert.org/2014/04/openssl-heartbleed-bug/ Cisco - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed Fortinet - http://www.fortiguard.com/advisory/FG-IR-14-011/ Gentoo Linux - http://www.gentoo.org/security/en/glsa/glsa-201404-07.xml Juniper - http://kb.juniper.net/InfoCenter/index?page=content&id=KB29004 (login required) Juniper - http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10623 F5 - http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html Novell - http://support.novell.com/security/cve/CVE-2014-0160.html OpenVPN - https://community.openvpn.net/openvpn/wiki/heartbleed Aruba - http://www.arubanetworks.com/support/alerts/aid-040814.asc CheckPoint - https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk100173 openssl - https://www.openssl.org/news/secadv_20140407.txt redhat - https://access.redhat.com/security/cve/CVE-2014-0160 Slackware - hxxp://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.533622 sparklabs/viscosity openvpn client - https://www.sparklabs.com/viscosity/releasenotes/ watchguard - http://watchguardsecuritycenter.com/2014/04/08/the-heartbleed-openssl-vulnerability-patch-openssl-asap/ viscosity - https://www.sparklabs.com/blog/ There are no doubt more please add them via comments. Please stick to security related products, operating systems and core infrastructure items. Apple users: OS X Mavericks (10.9) ships by default with OpenSSL 0.9.8. However, if you are using mac ports, OpenSSL 1.0.1 is installed. An update is available (run "sudo upgrade outdated"). an NMAP script has also been released to check for the vunerability According to the tweet "script ssl-heartbleed.nse committed to #nmap as rev 32798" That should help speed up checking. We have started seeing active checking for this issue, so I would encourage people to hurry up and patch. Cheers Mark H	Mark 391 Posts ISC Handler Apr 9th 2014
Thread locked Subscribe	Apr 9th 2014 7 years ago
Fortinet - http://www.fortiguard.com/advisory/FG-IR-14-011/ Also have some workarounds via IPS signs.	Anonymous
Quote	Apr 9th 2014 7 years ago
Ubuntu Security Notice: http://www.ubuntu.com/usn/usn-2165-1/	Anonymous
Quote	Apr 9th 2014 7 years ago
http://www.ubuntu.com/usn/usn-2165-1/	Anonymous
Quote	Apr 9th 2014 7 years ago
Gentoo http://security.gentoo.org/glsa/glsa-201404-07.xml	Geoff 1 Posts
Quote	Apr 9th 2014 7 years ago
Crickets from Mcafee... that is troubling.	Geoff 1 Posts
Quote	Apr 9th 2014 7 years ago
http://blogs.sophos.com/2014/04/09/sophos-utm-manager-and-openssl-vulnerability/ UTM up to 9.6 vulnerable SUM 4.1 may be vulnerable	Geoff 1 Posts
Quote	Apr 9th 2014 7 years ago
crickets at Dell/Sonicwall too	TuggDougins 37 Posts
Quote	Apr 9th 2014 7 years ago
BalaBit's update: Shell Control Box - A perfect fit against the Heartbleed Bug http://mgabor.blogs.balabit.com/2014/04/09/shell-control-box-a-perfect-fit-against-the-heartbleed-bug/	TuggDougins 1 Posts
Quote	Apr 9th 2014 7 years ago
Just got an e-mail from McAfee saying the following: "McAfee is aware of the Heartbleed Vulnerability (CVE-2014-0160). This is a vulnerability in OpenSSL that could allow an attacker to gain access to system memory (in 64K chunks) which potentially could contain sensitive information or communications. McAfee is investigating affected products and will be provide additional information via SNS today."	TuggDougins 22 Posts
Quote	Apr 9th 2014 7 years ago
NoMachine: "NoMachine has already commenced building and testing its own software with the updated OpenSSL libraries. The new packages will be released as soon..."	TuggDougins 1 Posts
Quote	Apr 9th 2014 7 years ago
Debian: https://lists.debian.org/E1WXHDi-0007bY-NH@master.debian.org and also https://lists.debian.org/debian-security-announce/2014/msg00072.html when they updated it to better check which services needed restarting after the upgrade.	Athanasius 8 Posts
Quote	Apr 9th 2014 7 years ago
Blue Coat - http://kb.bluecoat.com/index?page=content&id=SA79	Chiesennegs 2 Posts
Quote	Apr 9th 2014 7 years ago
IBM Websphere: http://www-01.ibm.com/support/docview.wss?uid=swg21669774&myns=swgws&mynp=OCSSEQTP&mync=E	Chiesennegs 1 Posts
Quote	Apr 9th 2014 7 years ago
McAfee has signature available through their support portal. If you already have the last signature set for your appliance/software you can manually patch with the update provided.	Foofighter 1 Posts
Quote	Apr 9th 2014 7 years ago
Anyone hear anything from HP yet, aside from the blog entry by Daniel Miessler? New versions of SMH seem to be vulnerable...	Jaybone 27 Posts
Quote	Apr 9th 2014 7 years ago
OpenVPN - https://community.openvpn.net/openvpn/wiki/heartbleed	sempersecurus 1 Posts
Quote	Apr 9th 2014 7 years ago
Juniper Networks - http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10623 More products than just the SA/IC/MAG products are affected. Cory C.	Anonymous
Quote	Apr 9th 2014 7 years ago
Accellion - released FTA 9_9_40 for their secure file transfer product to address Heartbleed.	Anonymous
Quote	Apr 9th 2014 7 years ago
Slackware covered @ http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.533622	Anonymous
Quote	Apr 9th 2014 7 years ago
VMWare Response to OpenSSL security issue CVE-2014-0160/CVE-2014-0346 a.k.a: "Heartbleed" (2076225) http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2076225	SWaterhoouse 1 Posts
Quote	Apr 9th 2014 7 years ago