To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

Heartbleed

Options
chef
chef W/ Alumni Posts: 3 Security Scout

Hi,

 

It seems that Policy manager contains vulnerable openssl binaries in "C:\Program Files (x86)\F-Secure\Web User Interface\bin".  Can you tell us the potential impact of this?  Will F-Secure be issuing a patch?

 

Thanks,

Brad

Comments

  • toby53
    toby53 W/ Alumni Posts: 1 Security Scout
    Options

    Are we protected from this?

  • Dmitriy
    Dmitriy W/ Alumni Posts: 179 Threat Terminator
    Options

    Hello,

     

    Policy Manager does not use OpenSSL and based on the directory path you mentioned, it is likely the Web-based management UI for Email and Server Security. We will anyway check all products and communicate about affected ones and available patches as soon as possible.

  • Costas-Inter
    Costas-Inter W/ Alumni Posts: 36 Security Scout
    Options

    And what about PSB Portal itself?

    Is it vulnerable? Fixed?

     

    Please let us know when possible.

     

    Thank you

    Costas

  • Dmitriy
    Dmitriy W/ Alumni Posts: 179 Threat Terminator
    Options

    Hi all,

     

    Please check the advisory that we have published on our public web: http://www.f-secure.com/en/web/labs_global/fsc-2014-1. F-Secure products and services mentioned in this advisory are affected. Other F-Secure products and services are not affected.

  • Costas-Inter
    Costas-Inter W/ Alumni Posts: 36 Security Scout
    Options

    Hello

     

    I see in Downloads area, that the hotfix for ESS 11.x and 10.x is already available.

    But some further clarifications required.

     

    1. What about SS installations? Can we apply the hotfix for ESS?

    2. What about PSB? I guess that the hotfix will be automatically downloaded and be applied (SS and ESS)?

    3. After-hotfix actions?

    - Change pub/priv keys of web UI? how (any technote how to create/apply new keypair?)

    - Change server administrator passwords?

     

    Thank you

    Costas

     

  • Costas-Inter
    Costas-Inter W/ Alumni Posts: 36 Security Scout
    Options

    OK, security advisory page updated:

     

    http://www.f-secure.com/en/web/labs_global/fsc-2014-1

    Smiley Happy

     

This discussion has been closed.