Heartbleed

chef

Hi,

 

It seems that Policy manager contains vulnerable openssl binaries in "C:\Program Files (x86)\F-Secure\Web User Interface\bin".  Can you tell us the potential impact of this?  Will F-Secure be issuing a patch?

 

Thanks,

Brad

toby53

Are we protected from this?

Dmitriy

Hello,

 

Policy Manager does not use OpenSSL and based on the directory path you mentioned, it is likely the Web-based management UI for Email and Server Security. We will anyway check all products and communicate about affected ones and available patches as soon as possible.

Costas-Inter

And what about PSB Portal itself?

Is it vulnerable? Fixed?

 

Please let us know when possible.

 

Thank you

Costas

Dmitriy

Hi all,

 

Please check the advisory that we have published on our public web: http://www.f-secure.com/en/web/labs_global/fsc-2014-1. F-Secure products and services mentioned in this advisory are affected. Other F-Secure products and services are not affected.

Costas-Inter

Hello

 

I see in Downloads area, that the hotfix for ESS 11.x and 10.x is already available.

But some further clarifications required.

 

1. What about SS installations? Can we apply the hotfix for ESS?

2. What about PSB? I guess that the hotfix will be automatically downloaded and be applied (SS and ESS)?

3. After-hotfix actions?

- Change pub/priv keys of web UI? how (any technote how to create/apply new keypair?)

- Change server administrator passwords?

 

Thank you

Costas

 

Costas-Inter

OK, security advisory page updated:

 

http://www.f-secure.com/en/web/labs_global/fsc-2014-1