Heartbleed

Hi,

 

It seems that Policy manager contains vulnerable openssl binaries in "C:\Program Files (x86)\F-Secure\Web User Interface\bin".  Can you tell us the potential impact of this?  Will F-Secure be issuing a patch?

 

Thanks,

Brad

Comments

  • toby53toby53 Posts: 1

    Are we protected from this?

  • DmitriyDmitriy Posts: 212 F-Secure Employee

    Hello,

     

    Policy Manager does not use OpenSSL and based on the directory path you mentioned, it is likely the Web-based management UI for Email and Server Security. We will anyway check all products and communicate about affected ones and available patches as soon as possible.

  • And what about PSB Portal itself?

    Is it vulnerable? Fixed?

     

    Please let us know when possible.

     

    Thank you

    Costas

  • DmitriyDmitriy Posts: 212 F-Secure Employee

    Hi all,

     

    Please check the advisory that we have published on our public web: http://www.f-secure.com/en/web/labs_global/fsc-2014-1. F-Secure products and services mentioned in this advisory are affected. Other F-Secure products and services are not affected.

  • Hello

     

    I see in Downloads area, that the hotfix for ESS 11.x and 10.x is already available.

    But some further clarifications required.

     

    1. What about SS installations? Can we apply the hotfix for ESS?

    2. What about PSB? I guess that the hotfix will be automatically downloaded and be applied (SS and ESS)?

    3. After-hotfix actions?

    - Change pub/priv keys of web UI? how (any technote how to create/apply new keypair?)

    - Change server administrator passwords?

     

    Thank you

    Costas

     

  • OK, security advisory page updated:

     

    http://www.f-secure.com/en/web/labs_global/fsc-2014-1

    Smiley Happy

     

This discussion has been closed.