Summary This article clarifies how to check the version of OpenSSL shipped with Orbix. Environment Orbix 3.3, Orbix 6.3 All Supported Operating Systems Question/Problem Description How can I check if the OpenSSL version shipped with Artix is affected by the vulnerability caused by the Heartbleed bug? Clarifying Information The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library which is also shipped with Artix. CVE-2014-0160 is the official reference to this bug. The following is the status of different OpenSSL versions: OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable OpenSSL 1.0.1g is NOT vulnerable OpenSSL 1.0.0 branch is NOT vulnerable OpenSSL 0.9.8 branch is NOT vulnerable Error Message Defect/Enhancement Number Cause https://www.openssl.org/news/secadv_20140407.txt Resolution In order to check the version of OpenSSL included in your Orbix product run the following command: openssl version Workaround Notes A fix (by disabling vulnerable heartbeats code) for this bug has been released in Orbix 6.3.6 hotfix 4. Attachment
↧