F5 Networks - OpenSSL Heartbleed Vulnerability
Number: AL14-014
Date: 14 April 2014
Purpose
The purpose of this Alert is to bring attention to recently released solution for various F5 Network products.
Assessment
F5 Networks has released a solution to address the OpenSSL Heartbleed vulnerability for the following products.
BIG-IP LTM
BIG-IP AAM
BIG-IP AFM
BIG-IP Analytics
BIG-IP APM
BIG-IP ASM
BIG-IP GTM
BIG-IP Link Controller
BIG-IP PEM
BIG-IP Edge Clients for Apple iOS
BIG-IP Edge Clients for Linux
BIG-IP Edge Clients for MAC OS X
BIG-IP Edge Clients for Windows
CVE Reference: CVE-2014-0160
Affected versions:
BIG-IP LTM 11.5.0 - 11.5.1
BIG-IP AAM 11.5.0 - 11.5.1
BIG-IP AFM 11.5.0 - 11.5.1
BIG-IP Analytics 11.5.0 - 11.5.1
BIG-IP APM 11.5.0 - 11.5.1
BIG-IP ASM 11.5.0 - 11.5.1
BIG-IP GTM 11.5.0 - 11.5.1
BIG-IP Link Controller 11.5.0 - 11.5.1
BIG-IP PEM 11.5.0 - 11.5.1
BIG-IP Edge Clients for Apple iOS 2.0.0 - 2.0.1, 1.0.5 - 1.0.6
BIG-IP Edge Clients for Linux 7080 – 7101
BIG-IP Edge Clients for MAC OS X 7080 - 7101
BIG-IP Edge Clients for Windows 7080 - 7101
Suggested action
CCIRC recommends that system administrators test and deploy the vendor released solution for the affected platforms accordingly.
References
F5 Networks
http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html
CCIRC's AV14-017 OpenSSL Vulnerability
http://www.publicsafety.gc.ca/cnt/rsrcs/cybr-ctr/2014/av14-017-eng.aspx
CCIRC's AL14-005 OpenSSL Heartbleed Vulnerability http://www.publicsafety.gc.ca/cnt/rsrcs/cybr-ctr/2014/al14-005-eng.aspx
Note to Readers
In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. As Canada's computer security incident response team, CCIRC is Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber incidents on non-federal government systems. It does this by providing authoritative advice and support, and coordinating information sharing and incident response.
Please note, CCIRC PGP key has recently been updated.
http://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/_fl/CCIRCPublicPGPKey.txt
For general information, please contact Public Safety Canada's Public Affairs division at:
Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: ps.communications-communications.sp@canada.ca
- Date modified: