Zen lb community edition uses openssl 0.9.8 and the vulnerability is in
openssl 1.0.1 to openssl 1.0.1f
Regards
2014-04-11 17:09 GMT+02:00 Jeremy Brock <[email protected]>:
> Hi Sathish,
>
> If you have not applied the debian security updates that were released
> for openssl this week, then yes you are most likely vulnerable.
>
> To confirm, login via putty to the debian box as a sudo or root user
> and launch aptitude. Check the security updates for libssl and openssl,
> check the Package->Changelog for both and you should see at the top the CVE
> information that the updates patch. Remember that after patching, debian
> recommends restarting the system.
>
> ~Jeremy
>
>
> On Fri, Apr 11, 2014 at 4:02 AM, Laura Garcia <[email protected]> wrote:
>
>> Hi, the zenlb community version is not afected if you haven't upgraded
>> the system through apt-get.
>>
>> Regards
>> El 11/04/2014 12:59, "Sathish Gangadharan" <[email protected]>
>> escribió:
>>
>>> Hi ZenAdmins,
>>>
>>> We are using Zen LB opensource v3.03 for loadbalancing few of our
>>> applications.
>>>
>>> I recently heard about a significant security vulnerability known as
>>> Heartbleed that was discovered in open source SSL library (openssl) which
>>> provides the potential for an attacker to gain access to the SSL private
>>> keys of a vulnerable SSL system.
>>>
>>>
>>> http://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=720951&SearchOrder=4
>>>
>>> Does anyone know if Zen LB v3.0.3 opensource product is affected by
>>> this vulnerability?
>>>
>>> Thanks
>>> Sathish
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Put Bad Developers to Shame
>>> Dominate Development with Jenkins Continuous Integration
>>> Continuously Automate Build, Test & Deployment
>>> Start a new project now. Try Jenkins in the cloud.
>>> http://p.sf.net/sfu/13600_Cloudbees
>>> _______________________________________________
>>> Zenloadbalancer-support mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
>>>
>>>
>>
>> ------------------------------------------------------------------------------
>> Put Bad Developers to Shame
>> Dominate Development with Jenkins Continuous Integration
>> Continuously Automate Build, Test & Deployment
>> Start a new project now. Try Jenkins in the cloud.
>> http://p.sf.net/sfu/13600_Cloudbees
>> _______________________________________________
>> Zenloadbalancer-support mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
>>
>>
>
>
> ------------------------------------------------------------------------------
> Put Bad Developers to Shame
> Dominate Development with Jenkins Continuous Integration
> Continuously Automate Build, Test & Deployment
> Start a new project now. Try Jenkins in the cloud.
> http://p.sf.net/sfu/13600_Cloudbees
> _______________________________________________
> Zenloadbalancer-support mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
>
>
--
Load balancer distribution - Open Source Project
http://www.zenloadbalancer.com
Distribution list (subscribe): [email protected]
------------------------------------------------------------------------------
Put Bad Developers to Shame
Dominate Development with Jenkins Continuous Integration
Continuously Automate Build, Test & Deployment
Start a new project now. Try Jenkins in the cloud.
http://p.sf.net/sfu/13600_Cloudbees
_______________________________________________
Zenloadbalancer-support mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
