A vulnerability dubbed “Heartbleed” was found in the popular OpenSSL cryptographic software library.
You can read more general information about the vulnerability at www.symantec.com/connect/blogs/heartbleed-openssl-take-action-now and www.symantec.com/connect/blogs/heartbleed-bug-poses-serious-threat-unpatched-servers.
Specific versions of OpenSSL could be exploited by the "Heartbleed" vulnerability:
1. App Center SaaS deployments – No action needed
The hosting provider has updated the load balancing infrastructure that handles SSL communication. Also, as a precautionary measure, certs/keys have been updated.
2. App Center On-Premise deployments – Action needed
App Center deployed on CentOS and RHEL 6.4 includes an affected version of the OpenSSL library (v1.0.1e). Customers running this specific configuration should apply the patch immediately.
Customers should also ensure that other third-party network components, such as reverse proxies and load balancers (for example, F5), are patched appropriately (if necessary). As a best practice, after updating the library, the cert/keys should be replaced.
Note: New installations of App Center will include the patched OpenSSL library.
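A check to run after applying the patch on an on-premise host, added here as an example and not part of the original advisory: processes started before the update keep the old library mapped until they are restarted, and Linux marks that mapping as "(deleted)" in `/proc/<pid>/maps`. The function names and the optional proc-root argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the advisory): find processes that still map a
# deleted copy of libssl/libcrypto, i.e. services that were started before
# the OpenSSL package was updated and have not been restarted since.
# Assumptions: Linux /proc layout; function names and the proc-root
# argument are hypothetical (the argument lets the check run on test data).

# Print the PIDs (one per line, sorted) whose maps reference a deleted
# libssl or libcrypto shared object.
stale_openssl_pids() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        # A replaced library appears as ".../libssl.so.1.0.1e (deleted)".
        if grep -Eq '/lib(ssl|crypto)\.so[^ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            pid_dir="${maps%/maps}"
            echo "${pid_dir##*/}"
        fi
    done | sort -n
}

# Return 0 when no process holds the old library, 1 otherwise.
check_openssl_restart_needed() {
    pids="$(stale_openssl_pids "$@")"
    [ -z "$pids" ] && return 0
    echo "Restart required; old OpenSSL still mapped by PID(s): $(echo $pids)"
    return 1
}

# Run as root so every process's maps file is readable:
#   sh check_openssl.sh --scan
case "${1:-}" in
    --scan) check_openssl_restart_needed /proc; exit $? ;;
esac
```

A non-zero exit means at least one service is still running on the pre-patch library and should be restarted before the cert/keys are replaced.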
Applies To
Symantec AppCenter
RedHat Enterprise Linux
CentOS
OpenSSL