OpenSSL Security Advisory [07 Apr 2014] – TLS heartbeat read overrun (CVE-2014-0160)

OpenSSL Project が提供する OpenSSL の heartbeat 拡張には情報漏えいの


Field Notice: Gigamon Gear Not Exposed to Recent OpenSSL Vulnerability (FN04102014)

April 10, 2014

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library commonly used in the IT industry.

Problem Description:
Press reports have heightened awareness to potential security vulnerabilities related to OpenSSL. A security exposure was reported on April 7, 2014 regarding an OpenSSL library issue that could potentially result in the disclosure of internal information of systems protected by OpenSSL. (CVE-2014-0160)

Impact on Gigamon Products: None
While Gigamon uses OpenSSL library to secure connectivity to its devices, our implementation does not use the TLS-heartbeat/keep-alive function that is vulnerable to this defect.

As such, no GigaVUE G Series, GigaVUE H Series, GigaVUE-TA1, and GigaVUE-VM nodes or GigaVUE-FM are impacted by this vulnerability.

Due to the recent press coverage, we wanted to proactively keep you informed.

For more information or questions, please contact Technical Support.

カテゴリー: サポート情報, ニュース, 応用製品, 技術情報 投稿日: 2014年4月11日 投稿者: bitrieve