Has anyone seen and/or dealt with this issue.
We just received this from one of our 3rd party software vendors
"Several news carriers have alerted the public of a vulnerability found recently in OpenSSL. OpenSSL is an open-source version of the basic encryption functions for computer security standards. Certain client-facing CommSoft web applications require the use of Apache, which uses OpenSSL. You might also have other applications (non-CommSoft) which use OpenSSL, so you should be certain to check those as well.
The vulnerability is being referred to as the Heartbleed Bug. It allows an attacker to leak memory of transactions and possibly decrypt the encrypted data. Reports indicate that the vulnerability is found version V1.0.1 and subsequent subversions (a) through (f).
It is recommended that you perform your own research on this matter as during my review of material I have found conflicting information as to versions, the extent of the vulnerability, and corrective/preventative action.
To determine the version of OpenSSL being used in Apache:
Open a DOS prompt on the production Apache web server. Navigate to the BIN directory and type:
If the version is 0.9 or earlier, the Heartbleed Bug has not been found in these versions.
If your version is listed in one of the V1.0.1 versions listed above, you will need an OpenSSL update.
To download the appropriate update, go to Openssl.org and follow the instructions or you can contact CommSoft Client Support to assist in this matter. "
IBM i Systems Administrator
Pencor Services, Inc.
462 Delaware Ave
Palmerton Pa 18071