Hi everyone,

At least one bright point in the BMC habit to use really old versions of other vendors' software.

However, I would be really happy if they would update at least the ehcache manager version which is used on midtiers.
Existing is at least 2.5.0 but midtier 8.1 still uses 2.0.1 :(

Anyway, thanks for this info, Doug.


best regards
Marek




On 10/04/2014 05:57, DEE wrote:
Thank you Doug,

This is perfect.

DEE

-----Original Message-----
 From: Mueller, Doug <doug_muel...@bmc.com>
 To: arslist <arslist@ARSLIST.ORG>
 Sent: Wed, Apr 9, 2014 11:30 pm
 Subject: Remedy, OpenSSL, and the Heartbleed bug


Everyone,

I am sure that most if not all of you have seen the reports in the media about the security bug (called the Heartbleed bug) that has been found out on the internet.

Some details:

OpenSSL is the source of the bug. It is a technology used for encryption.

The AR System environment uses this technology for password encryption and to encrypt the data as it flows across the wire.

The issue was introduced in version 1.0.1 of OpenSSL (released March 2012) and is present in 1.0.1 and 1.0.1a through 1.0.1f of that product. There is a corrected version that was released April 7, 2014 that corrects the error.

The error is NOT present in the 0.9.8 or 1.0.0 versions of the product.

The AR System uses the 0.9.8 version of the OpenSSL libraries. We have gone through the build trees to confirm this for versions 7.6.04, 8.0, and 8.1 and the service packs and patches for those releases. For all of them, we are using the 0.9.8 version.

This means that the AR System, its plugins, its applications, the CMDB, the API, etc. are not affected by the Heartbleed bug and there is no action you need to take on your environment.

BMC is investigating all of the products it ships to check which ones of them may have issues due to this bug. There will be a formal announcement in the near future of BMC's exposure and the remediation plans for any exposure found. This will include the official announcement from BMC about the AR System environment.

I just wanted to share the information with this list as soon as it was confirmed that there was no issue with the Remedy product line.

Doug Mueller

_ARSlist: "Where the Answers Are" and have been for 20 years_
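
The version ranges in Doug's message can be checked against the libraries on your own hosts. The following is an added example, not part of the original messages and not BMC code: it looks for the version banner that OpenSSL builds embed in their libraries and applies the ranges stated above. The sample bytes are constructed, and treating 1.0.1 letters after "f" as the fixed release is an assumption based on the public 1.0.1g release.

```python
import re
import sys

# libssl/libcrypto embed a banner like b"OpenSSL 0.9.8y 5 Feb 2013".
BANNER = re.compile(
    rb"OpenSSL (\d+)\.(\d+)\.(\d+)([a-z]*) +\d{1,2} [A-Z][a-z]{2} \d{4}")

def classify(major, minor, fix, letter):
    """Apply the ranges given in the message above."""
    branch = (major, minor, fix)
    if branch in ((0, 9, 8), (1, 0, 0)):
        return "not affected"
    if branch == (1, 0, 1):
        # "" is 1.0.1 itself; "a".."f" are the affected letter releases.
        return "affected" if letter <= "f" else "fixed"
    return "not covered by the message"

def scan(blob):
    """Return sorted (version, verdict) pairs for each banner in raw bytes."""
    found = set()
    for m in BANNER.finditer(blob):
        major, minor, fix = (int(g) for g in m.group(1, 2, 3))
        letter = m.group(4).decode()
        version = f"{major}.{minor}.{fix}{letter}"
        found.add((version, classify(major, minor, fix, letter)))
    return sorted(found)

# Constructed sample bytes standing in for library files (not real binaries).
SAMPLE = (b"\x7fELF\x00junk\x00OpenSSL 0.9.8y 5 Feb 2013\x00"
          b"\x00SSLv3 part of OpenSSL 1.0.1e 11 Feb 2013\x00"
          b"\x00OpenSSL 1.0.1g 7 Apr 2014\x00OpenSSL 1.0.2 22 Jan 2015\x00")

if __name__ == "__main__":
    # Usage: pass library paths as arguments; with none, the sample is scanned.
    blobs = {"<sample>": SAMPLE}
    if sys.argv[1:]:
        blobs = {p: open(p, "rb").read() for p in sys.argv[1:]}
    for name, blob in blobs.items():
        for version, verdict in scan(blob):
            print(f"{name}: OpenSSL {version}: {verdict}")
```

A banner match is only a first pass: some distributors backported the fix without changing the version letter, so an "affected" verdict on a packaged build still needs the vendor's changelog checked.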

_______________________________________________________________________________
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"
