University of Southern California

Heartbleed – vendor updates 2014-04-17 10:56

Posted on by Robert

Below is a partial list of vendors that have made announcements and/or released updates to address the Heartbleed vulnerability.
This list will be updated as more information becomes available.

Apple

No formal announcement

Aruba

http://www.arubanetworks.com/support/alerts/aid-040814.asc

Bluecoat

http://kb.bluecoat.com/index?page=content&id=SA79&actp=RSS

Checkpoint

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk100173

Cisco

http://tools.cisco.com/security/center/mcontent/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed

Cisco/Sourcefire

http://blogs.cisco.com/security/openssl-heartbleed-vulnerability-cve-2014-0160-cisco-products-and-mitigations/

Citrix

http://support.citrix.com/article/CTX140605

Debian

https://lists.debian.org/debian-security-announce/2014/msg00072.html

Dell/SonicWALL

http://www.sonicwall.com/us/shared/download/ell_SonicWALL_-_Support_Bulletin_-_CVE-20140-1016_OpenSSL_Large_Heartbeat_Response_Vulnerability.pdf

F5

http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html

F5

https://devcentral.f5.com/articles/openssl-heartbleed-cve-2014-0160#.U0VzBMdEjKR

Fortinet

http://www.fortiguard.com/advisory/FG-IR-14-011/

Gentoo Linux

http://www.gentoo.org/security/en/glsa/glsa-201404-07.xml

HP

This search shows the status of many products:

https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/search/?spf_p.tpst=kbSearchMain&spf_p.pbp_kbSearchMain_myAction=withResults&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken#searchResultHead

If the above link does not work, go to main HP Support Site, https://h20566.www2.hp.com/portal/site/hpsc/public/, and search for CVS-2014-0160.

IBM Websphere

http://www-01.ibm.com/support/docview.wss?uid=swg21669774&myns=swgws&mynp=OCSSEQTP&mync=E

Juniper

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10623&cat=SIRT_1&actp=LIST&showDraft=false

Microsoft Services

blogs.technet.com/b/security/archive/2014/04/10/microsoft-devices-and-services-and-the-openssl-heartbleed-vulnerability.aspx

Netgear

No formal announcement

Novell

http://support.novell.com/security/cve/CVE-2014-0160.html

openssl

https://www.openssl.org/news/secadv_20140407.txt

OpenVPN

https://community.openvpn.net/openvpn/wiki/heartbleed

Oracle (login required)

https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1645479.1

RedHat

https://access.redhat.com/security/cve/CVE-2014-0160

Riverbed

https://supportkb.riverbed.com/support/index?page=content&id=S23635

Slackware

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.533622

Sophos

http://blogs.sophos.com/2014/04/09/sophos-utm-manager-and-openssl-vulnerability/

Ubuntu

http://www.ubuntu.com/usn/usn-2165-1/

https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/search/?spf_p.tpst=kbSearchMain&spf_p.pbp_kbSearchMain_myAction=withResults&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken#searchResultHead

Comments are closed.