Customer Alert: “Heartbleed Bug”
As was reported on the Internet and News programs yesterday, a significant encryption flaw named the “Heartbleed Bug” has been discovered and poses a very large security threat to the internet. The bug exists in a piece of open source software called “OpenSSL” which is used to encrypt communications between a user’s computer and a web server.
RedSky is dedicated to the security of our customers and has actively investigated what, if any, impact Heartbleed has to our customers using our software products. After careful review and testing, RedSky has determined you are not at risk if you are a customer using either E911 Anywhere® or E911 Manager® v6. However, if you have performed operating system maintenance, particularly yum updates, there is a chance you could have a vulnerable version of OpenSSL. This may be checked by executing the following command with root privileges:
· rpm -qa openssl
If you see any version 1.0.1 through 1.0.1f then you are subject to the vulnerability. To correct the issue you can execute the following command with root privileges:
· yum clean all && yum update "openssl*"
Check to ensure that specifically openssl-1.0.1e-16.el6_5.7 (or later) is installed.
If you need any assistance in performing the above commands or would like to further discuss, please open a ticket with RedSky Support via email at firstname.lastname@example.org or call 866-RST-2435. Also, you can click on the following link for additional details: https://rhn.redhat.com/errata/RHSA-2014-0376.html