OpenSSL vulnerability

Article ID: SEC0002 Some OpenSSL versions are vulnerable to attack

Symptom

Recent news articles have revealed vulnerabilities for some versions of OpenSSL

Resolution

As of 10.0 SP7/9.0 SP14, Simpana software uses openSSL version 1.0.0.  This version is not affected by the heartbleed bug.

Moreover, the usage of OpenSSL by Simpana software is on client side and thus not susceptible to most of the server based attacks.  Simpana software is routinely tested for security threats and none of these issues related to OpenSSL are found applicable.

However, if your IT policy mandates using a newer version of OpenSSL (1.0.1h) with Simpana software, they can do it by installing the following updates:

Simpana Software version 10  – Update 13360.

Simpana Software version 9.0 – Update 46803.

These updates can be installed over any Service Pack on these releases.