How can I check if the OpenSSL version shipped with Orbix is affected by the vulnerability caused by the Heartbleed bug?

Anonymous · 2014-04-11T15:01:00+00:00

Summary This article clarifies how to check the version of OpenSSL shipped with Orbix. Environment Orbix 3.3, Orbix 6.3 All Supported Operating Systems Question/Problem Description How can I check if the OpenSSL version shipped with Artix is affected by the vulnerability caused by the Heartbleed bug? Clarifying Information The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library which is also shipped with Artix. CVE-2014-0160 is the official reference to this bug. The following is the status of different OpenSSL versions: OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable OpenSSL 1.0.1g is NOT vulnerable OpenSSL 1.0.0 branch is NOT vulnerable OpenSSL 0.9.8 branch is NOT vulnerable Error Message Defect/Enhancement Number Cause https://www.openssl.org/news/secadv_20140407.txt Resolution In order to check the version of OpenSSL included in your Orbix product run the following command: openssl version Workaround Notes The only CORBA products affected by this were Orbix 6.3.6, Artix 5.6 and Orbix 3.3.12. Fixes for all of these are available now. Please contact Micro Focus SupportLine and open a support incident if further clarification is required. Attachment #KnowledgeDocs#Orbix

Summary	This article clarifies how to check the version of OpenSSL shipped with Orbix.
Environment	Orbix 3.3, Orbix 6.3 All Supported Operating Systems
Question/Problem Description	How can I check if the OpenSSL version shipped with Artix is affected by the vulnerability caused by the Heartbleed bug?
Clarifying Information	The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library which is also shipped with Artix. CVE-2014-0160 is the official reference to this bug. The following is the status of different OpenSSL versions: OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable OpenSSL 1.0.1g is NOT vulnerable OpenSSL 1.0.0 branch is NOT vulnerable OpenSSL 0.9.8 branch is NOT vulnerable
Error Message
Defect/Enhancement Number
Cause	https://www.openssl.org/news/secadv_20140407.txt
Resolution	In order to check the version of OpenSSL included in your Orbix product run the following command: openssl version
Workaround
Notes	The only CORBA products affected by this were Orbix 6.3.6, Artix 5.6 and Orbix 3.3.12. Fixes for all of these are available now. Please contact Micro Focus SupportLine and open a support incident if further clarification is required.
Attachment

#KnowledgeDocs
#Orbix

Sign up

Please log in or register:

Welcome to the Rocket Forum!

Please log in or register:

Scanning file for viruses.

This file cannot be downloaded