This discussion has been locked.

Timeline for patching SSL vulnerability (Heartbleed Bug)

Heartbleed Bug (CVE-2014-0160)

Hi

Is there any timeframe for patching this SSL/TLS bug for Astaro Security Gateway V8?
We are on the latest 8.311 (as V8 is an approved appliance for us and V9 is not).

Thanks


Heartbleed Bug
https://news.ycombinator.com/item?id=7548991


  • Until an update for UTM 9 is released, I would suggest the following to reduce your attack surface:

    1. Make sure that the web UI is only accessible to trusted networks.
    2. Disable SSL VPNs like OpenVPN, or only allow access to trusted networks.
    3. Any other reverse proxy/relay services that UTM provides will also be vulnerable (HTTPS, possibly SMTP/POP/IMAP, etc.).

    FWIW, I do see that 9.110 is on the FTP site - anyone know what's in it?

    ftp://ftp.astaro.de/UTM/v9/up2date/