There has been much publicity lately regarding an internet
security vulnerability known as “Heartbleed”. See
www.heartbleed.com
for a good description of the problem, or, see the
CVE web site for the official CVE description.
Some customers have asked if their OpenVMS systems are vulnerable to this
bug. SCI offers the following guidance:
For customers using HP SSL for OpenVMS: The
Heartbleed bug was introduced in OpenSSL V1.0.1 and the most recent
version of SSL for OpenVMS is based on OpenSSL V0.9.8y and is therefore
not affected.
For customers using
Process Software Products: The following was posted to the
process.com web page: “Process Software's products including
MultiNet, TCPware, PMDF, PreciseMail, VAM, and SSH-UCX are NOT
vulnerable to this attack. These products do not use the versions of
OpenSSL open to attack. No patches or configuration changes are required
to secure any version of these products.” ()
Please feel free to
contact us with additional questions.