FS System: Is the System Software or Maxrep Software affected by OpenSSL Bug Heartbleed / CVE-2014-0160?

Asset ID:	1-79-1936526.1
Update Date:	2016-12-01
Keywords:

Solution Type Predictive Self-Healing Sure

Solution 1936526.1 : FS System: Is the System Software or Maxrep Software affected by OpenSSL Bug Heartbleed / CVE-2014-0160?

Applies to:

Pillar Axiom Replication Engine (MaxRep) - Version 2.0 to 3.0 [Release 2.0 to 3.0]
Oracle FS1-2 Flash Storage System - Version All Versions to All Versions [Release All Releases]
Axiom System Operating Software

Purpose

Is the System Software or Maxrep Software affected by OpenSSL Bug Heartbleed / CVE-2014-0160?

Details

From http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html:

In April 2014, a vulnerability affecting certain versions of the OpenSSL cryptographic software library was publicly disclosed. For the purpose of this note, this vulnerability will be referred by its CVE number: CVE-2014-0160. For more information about this vulnerability, see http://heartbleed.com/. (Note that this site is not affiliated with Oracle.)

The bug was introduced on March 14, 2012 with the release of OpenSSL 1.0.1. The fix was released on April 7, 2014 with version 1.0.1g.

Summary:

OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable to CVE-2014-0160.
OpenSSL 1.0.1g is NOT vulnerable to CVE-2014-0160.
OpenSSL 1.0.0 branch is NOT vulnerable to CVE-2014-0160.
OpenSSL 0.9.8 branch is NOT vulnerable to CVE-2014-0160.
OpenSSL 0.9.7 branch is NOT vulnerable to CVE-2014-0160.

None of the AxiomONE or MaxRep versions is affected by the OpenSSL bug.

Internal Only

The versions of OpenSSL are kept internal for security purposes.

FS1-2 Software

Branch	OpenSSL version
06.01.00-010800	OpenSSL 1.0.0-fips 29 Mar 2010

Maxrep

Branch	OpenSSL version
MaxRep R2	OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
MaxRep R3	OpenSSL 1.0.0-20

Attachments

This solution has no attachment