Heartbleed Alert – Sophos

From my friends at Sophos earlier today.  If you’re using their software, pay VERY close attention…


 SOPHOS – OpenSSL Vulnerability –

     ***Patch required for Sophos UTM***

On 7 April 2014 a critical vulnerability was revealed in OpenSSL. By exploiting this vulnerability affected systems could be altered to expose sensitive data from system memory.

Action required: We advise customers to apply the patches supplied by Sophos at the earliest opportunity, see details and links below.

Sophos product(s) and version(s) affected:

You can find more information on the Sophos Knowledge Base.

The official CVE is tracked with more info here and mentions versions of OpenSSL used in some Sophos products.The affected versions of Open SSL are 1.0.1 and 1.0.2-beta releases including 1.0.1f and 1.0.2-beta1.

Read more about the anatomy of the attack on nakedsecurity. This vulnerability is not limited to Sophos products. Other products running the affected versions of OpenSSL may be impacted as well so please refer to your vendors’ websites for details.


Should you have questions or require further assistance please contact your Sophos Partner. They will be glad to assist you.


Getting too many emails? You can visit the Preference Center and receive the content you want or unsubscribe.
© 2014 Sophos Inc. All rights reserved | Privacy Policy
3 Van de Graaff Drive, Burlington, MA 01803.
Enhanced by Zemanta

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s