Specific versions of OpenSSL are affected by the "Heartbleed" vulnerability:
OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
OpenSSL 1.0.1g is NOT vulnerable
OpenSSL 1.0.0 branch is NOT vulnerable
OpenSSL 0.9.8 branch is NOT vulnerable
1. App Center SaaS deployments – No action needed
The hosting provider has updated the load balancing infrastructure that handles SSL communication. Also, as a precautionary measure, certs/keys have been updated.
2. App Center On-Premise deployments – Action needed
App Center deployed on CentOS and RHEL 6.4 includes an affected version of the OpenSSL library (v1.0.1e). Customers running this specific configuration should apply the patch immediately.
To check the version: "openssl version -a"
To update openssl: "yum update openssl"
You should restart Apache or reboot the server after the update.
Customers should also ensure that other 3rd party network components, such as reverse proxies and load balancers (such as F5), are patched appropriately (if necessary). As a best practice, after updating the library, the cert/keys should be replaced.
Note: New installations of App Center will include the patched OpenSSL library.
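The check and restart steps above can be scripted. The following is an added example, not part of the original article or the vendor's tooling: it classifies the version reported by "openssl version" against the ranges listed above and lists processes that still have the old library mapped after the update. The function names are hypothetical, and the /proc maps check is an assumption that the host is Linux.

```shell
#!/bin/sh
# Added example (not vendor code). Function names are hypothetical.

# Classify an upstream OpenSSL version token (second field of `openssl version`)
# against the ranges listed in this article.
classify_openssl_version() {
    v="${1%%-*}"                      # drop build suffixes such as "-fips"
    case "$v" in
        1.0.1|1.0.1[a-f])     echo affected ;;
        1.0.1g|1.0.0*|0.9.8*) echo not-affected ;;
        *)                    echo unknown ;;   # not covered by this article
    esac
}

# Print the PIDs of processes that still map a libssl/libcrypto file that has
# been replaced on disk, i.e. services not yet restarted after the update.
# $1 is the proc root (defaults to /proc; a parameter so it can be tested).
stale_openssl_pids() (
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if grep -Eq 'lib(ssl|crypto)[^ ]*\.so[^ ]* \(deleted\)' "$maps" 2>/dev/null; then
            pid_dir="${maps%/maps}"
            echo "${pid_dir##*/}"
        fi
    done
)

# Usage (run as root so every process's maps file is readable):
#   classify_openssl_version "$(openssl version | awk '{print $2}')"
#   stale_openssl_pids
```

Distribution packages that backport the fix can keep the upstream version string, so an "affected" result on an updated host should be confirmed against the build date shown by "openssl version -a". Any PID printed by stale_openssl_pids belongs to a process that needs a restart before it uses the updated library.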
RedHat Enterprise Linux
Imported Document ID: TECH216616