Smoothwall and the OpenSSL Heartbleed Vulnerability

Article #:

Product

Castle

1831

 

 

Summary

 

Problem

The Heartbleed bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This vulnerability allows normally protected data to be stolen by the same SSL/TLS encryption used to secure the Internet.

Solution

We can confirm that your Smoothwall is NOT vulnerable to this issue as the version of OpenSSL and GnuTLS have been upgraded in MAIN 73 and are not affected by this issue.

We have released a statement on our blog relating to this vulnerability.

Whilst your Smoothwallis not vulnerable to this issue, your users are NOT immune to the Hearthbleed issue where it is present on other web sites and services. Refer to the links posted in our blog post for more information. You may also find http://heartbleed.com to be a useful resource.

Note: EDIT 2015: With the revelation of http://www.wired.com/2014/06/heartbleed-redux-another-gaping-wound-in-ssl-uncovered, be advised that we have updated our implementations of OpenSSL an GnuTLS in MAIN 75 to address this. This update has been released to all customers and should be ready for you to download and install.

Note: EDIT September 2016: We have again upgraded the OpenSSL version used in Smoothwall products; released in Framlingham-1 and Glamis-0.

Attribution:

Last updated:

Author:

Contributions by:

2nd September 2016

 

DMT

SN

 

Copyright © 2000-2016 Smoothwall All rights reserved.