This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Timeline for patching SSL vulnerability (Heartbleed Bug)

Heatbleed Bug (CVE-2014-0160)

Hi

Is there any timeframe for patching this SSL/TLS bug for Astaro Security Gateway V8.
We are on the latest 8.311 (as V8 is an approved appliance for us and V9 is not).

Thanks

Heartbleed Bug
https://news.ycombinator.com/item?id=7548991

This thread was automatically locked due to age.

Parents

0 UDPride over 11 years ago

Lets say I decide to upgrade from V8 to V9 in the coming weeks. I assume hte Heartbleed patches will already be included in the build upgrade files and I wont have to do any special song and dance?
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 UDPride over 11 years ago

Lets say I decide to upgrade from V8 to V9 in the coming weeks. I assume hte Heartbleed patches will already be included in the build upgrade files and I wont have to do any special song and dance?
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 trollvottel over 11 years ago in reply to UDPride

Lets say I decide to upgrade from V8 to V9 in the coming weeks. I assume hte Heartbleed patches will already be included in the build upgrade files and I wont have to do any special song and dance?

In general, if you apply all the U2Ds at once, you should be safe because they're all downloaded locally and installed one after the other, then the system reboots.

BUT AFAIK there is a gap between v9.004 and 9.005 where you need to update to v9.004 first to be able to see and retrieve the rest of the available U2Ds (until v9.111 which is latest GA). This gap shouldn't be a problem though because v9.0xx is not affected by heartbleed.

So: Update to v9.005 first. Then wait until all U2Ds including v9.111 have been downloaded by the UTM and are available for installation. Then update to v9.111 in one step.
Cancel
Vote Up 0 Vote Down

Cancel