Has anyone seen and/or dealt with this issue.
We just received this from one of our 3rd party software vendors
"Several news carriers have alerted the public of a vulnerability found
recently in OpenSSL. OpenSSL is an open-source version of the basic
encryption functions for computer security standards. Certain
client-facing CommSoft web applications require the use of Apache, which
uses OpenSSL. You might also have other applications (non-CommSoft) which
use OpenSSL, so you should be certain to check those as well.
The vulnerability is being referred to as the Heartbleed Bug. It allows
an attacker to leak memory of transactions and possibly decrypt the
encrypted data. Reports indicate that the vulnerability is found version
V1.0.1 and subsequent subversions (a) through (f).
It is recommended that you perform your own research on this matter as
during my review of material I have found conflicting information as to
versions, the extent of the vulnerability, and corrective/preventative
To determine the version of OpenSSL being used in Apache:
Open a DOS prompt on the production Apache web server. Navigate to the
BIN directory and type:
If the version is 0.9 or earlier, the Heartbleed Bug has not been found in
If your version is listed in one of the V1.0.1 versions listed above, you
will need an OpenSSL update.
To download the appropriate update, go to Openssl.org and follow the
instructions or you can contact CommSoft Client Support to assist in this
IBM i Systems Administrator
Pencor Services, Inc.
462 Delaware Ave
Palmerton Pa 18071
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact