Is Symantec Message Filter (SMF) or Symantec Messaging Gateway for Service Providers (SMG-SP) affected by the Heartbleed OpenSSL vulnerability (CVE-2014-0160)

book

Article ID: 159167

calendar_today

Updated On:

Products

Messaging Gateway for Service Providers

Issue/Introduction

Inquiries asking whether SMF or SMG-SP are affected by the "heartbleed" OpenSSL bug (CVE-2014-0160) that allows highly sensitive material such as primary key information to be accessed illicitly via a defect in the implementation of the TLS/DTLS (transport layer security protocols) heartbeat extension (RFC6520).


Resolution

SMF and SMG-SP are not affected by this vulnerability. Please note it's possible these products could be installed on systems where affected version of OpenSSL is deployed, this is beyond Symantec's control and support. Please ensure to install secure version of OpenSSL on your systems.

 
For other Symantec products, please see the subsequent support documents or teams for comment.