IMPORTANT NOTE: OpenSSL Vulnerability (CVE-2014-0160) in Sophos UTM [UPDATED]

[UPDATE 09 April 2014 14:43 ET] A fix is now available. Please check our knowledgebase article; we will update it as we get more information.

On 07 April 2014, a critical vulnerability was found in OpenSSL that also affects some versions of Sophos UTM.

The official CVE entry, CVE-2014-0160, tracks the issue with more information and mentions OpenSSL versions that are also used inside the UTM product from Sophos.

Affected versions of UTM are UTM 9.1 and UTM 9.2, as well as the SSL Clients from those UTM versions.

The vulnerability is a TLS heartbeat read overrun that could be used to reveal chunks of sensitive data from the memory of any system running the affected versions of OpenSSL. It is not limited to Sophos UTM.
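
The length check whose absence produces a heartbeat read overrun, shown as an added example that is not code from Sophos or OpenSSL. The message layout follows RFC 6520; the names hb_build_response and hb_demo and the sample message are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Heartbeat message layout per RFC 6520:
 * type (1 byte) | payload_length (2 bytes) | payload | padding (>= 16 bytes) */
#define HB_REQUEST   1
#define HB_RESPONSE  2
#define HB_HEADER    3
#define HB_MIN_PAD   16

/* Hypothetical helper: builds the echo response for one received heartbeat
 * message. Returns the response length, or 0 when the message is discarded. */
size_t hb_build_response(const uint8_t *msg, size_t msg_len,
                         uint8_t *out, size_t out_cap)
{
    if (msg_len < HB_HEADER + HB_MIN_PAD || msg[0] != HB_REQUEST)
        return 0;
    size_t claimed = ((size_t)msg[1] << 8) | msg[2];
    /* The check that prevents the read overrun: the sender-supplied
     * payload_length must fit in the bytes that actually arrived. */
    if (claimed > msg_len - HB_HEADER - HB_MIN_PAD)
        return 0;                       /* RFC 6520: discard silently */
    size_t resp_len = HB_HEADER + claimed + HB_MIN_PAD;
    if (resp_len > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = msg[1];
    out[2] = msg[2];
    memcpy(out + HB_HEADER, msg + HB_HEADER, claimed);
    /* Zero padding keeps the demo deterministic; RFC 6520 specifies random. */
    memset(out + HB_HEADER + claimed, 0, HB_MIN_PAD);
    return resp_len;
}

/* Constructed sample: a 23-byte message carrying the 4-byte payload "ping";
 * claimed_len is written into the payload_length field. */
size_t hb_demo(uint16_t claimed_len)
{
    uint8_t msg[23] = { HB_REQUEST, 0, 0, 'p', 'i', 'n', 'g' };
    uint8_t out[64];
    msg[1] = (uint8_t)(claimed_len >> 8);
    msg[2] = (uint8_t)(claimed_len & 0xff);
    return hb_build_response(msg, sizeof msg, out, sizeof out);
}

int main(void)
{
    printf("length matches payload: %zu\n", hb_demo(4));
    printf("length exceeds message: %zu\n", hb_demo(16384));
    return 0;
}
```

Without the comparison against msg_len, the copy would read past the received message and return adjacent memory in the response, which is the data exposure described above.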

We are working on a fix with high priority and will release Up2Date packages as soon as possible.

Eric Bégoc
Senior Product Manager
