M
mbianco
Guest
I’m glad to see this thread. I opened a support ticket yesterday but haven’t heard back yet. This only seems to address progress related web services. Can anyone tell me if a vulnerable version of OpenSSL is used within the OpenEdge Database, AppServer, WebSpeed, or 4GL client products? I’m personally interested in version OE 10.2B 64 Bit on Windows and Linux (SuSe). From: Jean Richert [mailto:bounce-jri@community.progress.com] Sent: Thursday, April 10, 2014 10:12 AM To: TU.General@community.progress.com Subject: Progress Statement on “Heartbleed” Vulnerability Progress Statement on “Heartbleed” Vulnerability Thread created by Jean Richert On Monday, April 7, 2014, a new "Heartbleed" vulnerability (CVE-2014-0160) was publicized. This vulnerability involves the SSL (encrypted) connection between web clients and their web server pages. Under certain circumstances, web communication(s) between clients and their web server pages could be read, intercepted, hijacked, or otherwise falsely manipulated by unauthorized users. Progress immediately implemented a system-wide assessment of components potentially affected by the "Heartbleed" vulnerability, and developed appropriate response and remediation plans: n All 3 rd party web services the Progress Pacific platform use were updated as of April 9, 2014, mitigating the vulnerability. Further, we have re-issued our SSL web encryption certificates to further mitigate risk. Please note that, after diligent operational review of our real-time logs and monitors, we do not believe any SSL keys or certificates were compromised at this time. n Progress RollBase web servers were updated as of April 9, 2014, mitigating the vulnerability. n At this time we believe no other customer-facing Progress utilities are susceptible to the vulnerability. Progress understand that a secure user experience is top of mind for its customers and partners. If you have specific questions, please contact Progress Support or call your Regional Technical Support Manager at the number listed on our
Continue reading...
Continue reading...