Topic: SME Server 8.x is not affected by CVE-2014-0160 (Heartbleed)

[wellsi]

Upstream have confirmed that RHEL 5, which is used in Cos 5 and therefore SME Server 8 are not affected.

http://www.openssl.org/news/secadv_20140407.txt
https://access.redhat.com/security/cve/CVE-2014-0160

From RedHat:
This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6.4 and earlier, Red Hat JBoss Enterprise Application Platform 5 and 6, and Red Hat JBoss Web Server 1 and 2. This issue does affect Red Hat Enterprise Linux 6.5, Red Hat Enterprise Virtualization Hypervisor 6.5, and Red Hat Storage 2.1, which provided openssl 1.0.1e. Errata have been released to correct this issue.

https://access.redhat.com/site/announcements/781953

[holck]

Thanks for the comforting info. Just to be sure: does this imply that with an SME 8 server, there is no cause for concern? nothing I should do?

[stephdl]

nothing I should do?

yes give a help to test the sme9b4 released today : ok i go out