Recently, security researchers announced a flaw in the OpenSSL encryption software library used by many websites to protect customers’ data. The vulnerability, known as “Heartbleed,” could potentially allow a cyberattacker to access a website’s customer data along with traffic encryption keys.
The flaw was discovered in a technology called “OpenSSL” — a set of encryption software used by Web companies to safeguard user information. Sites that use OpenSSL will display a small “lock” icon in the top left-hand corner of your Web browser’s address bar (though not all sites showing this lock use OpenSSL); the technology is used on more than two-thirds of websites across the Internet.
Novell takes security very seriously and after a thorough review has discovered that the overwhelming majority of its products never incorporated the vulnerable software.
The following products were determined to be impacted:
- Novell File Reporter
- Novell Storage Manager
- Novell Kanaka for Mac
We have produced new versions of these products that use OpenSSL 1.0.1.g, which fixes the Heartbleed vulnerability. Customers who are current on maintenance will have access to all of the download files in Novell Customer Center. Additionally, direct links to Novell File Reporter and Storage Manager are noted below:
- Novell File Reporter—All Novell File Reporter 2.x customers are encouraged to upgrade all components for their installation to Version 18.104.22.168. Novell File Reporter customers running 1.0.x and earlier are not affected by the Heartbleed vulnerability.
- Novell Storage Manager—All Novell Storage Manager 3.1.x customers are encouraged to upgrade all components for their installation to Version 22.214.171.124. Novell Storage Manager customers running 3.0.x and earlier are not affected by the Heartbleed vulnerability.
- Novell Kanaka for Mac —All Novell Kanaka 2.8.x customers are encouraged to upgrade their installation to 126.96.36.199. All Novell Kanaka 2.7.x customers are encouraged to upgrade their installation to 188.8.131.52. These updates are available in Novell Customer Center.
Summary of Resources:
If you have additional questions contact your Novell account manager or customer support.