MIDRANGE dot COM Mailing List Archive



Home » MIDRANGE-L » April 2014

RE: OpenSSL Vulnerability Notice



fixed

iSeries V7R1 5733SC1 SI51208 is /QOpenSys/QIBM/ProdData/SC1/OpenSSL/openssl-0.9.8j
So is 9.8j ok?

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Steinmetz, Paul
Sent: Wednesday, April 09, 2014 10:10 AM
To: 'Midrange Systems Technical Discussion'
Subject: OpenSSL Vulnerability Notice

Has anyone seen and/or dealt with this issue.
We just received this from one of our 3rd party software vendors

"Several news carriers have alerted the public of a vulnerability found recently in OpenSSL. OpenSSL is an open-source version of the basic encryption functions for computer security standards. Certain client-facing CommSoft web applications require the use of Apache, which uses OpenSSL. You might also have other applications (non-CommSoft) which use OpenSSL, so you should be certain to check those as well.

The vulnerability is being referred to as the Heartbleed Bug. It allows an attacker to leak memory of transactions and possibly decrypt the encrypted data. Reports indicate that the vulnerability is found version V1.0.1 and subsequent subversions (a) through (f).

It is recommended that you perform your own research on this matter as during my review of material I have found conflicting information as to versions, the extent of the vulnerability, and corrective/preventative action.

To determine the version of OpenSSL being used in Apache:
Open a DOS prompt on the production Apache web server. Navigate to the BIN directory and type:

openssl.exe version

Hit enter.

If the version is 0.9 or earlier, the Heartbleed Bug has not been found in these versions.
If your version is listed in one of the V1.0.1 versions listed above, you will need an OpenSSL update.

To download the appropriate update, go to Openssl.org and follow the instructions or you can contact CommSoft Client Support to assist in this matter. "


Thank You
_____
Paul Steinmetz
IBM i Systems Administrator

Pencor Services, Inc.
462 Delaware Ave
Palmerton Pa 18071

610-826-9117 work
610-826-9188 fax
610-349-0913 cell
610-377-6012 home

psteinmetz@xxxxxxxxxx
http://www.pencor.com/

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.






Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact