OpenSSL Heartbleed Bug Impact on IGEL Products


Description

The Heartbleed bug in the OpenSSL library affects all SSL-encrypted communication on systems that use the OpenSSL libraries. The bug makes it possible to read sections of the device's memory, which might leak password information. This issue therefore has a high impact on servers that receive connections from random clients, which might try to obtain this information. Because clients initiate the connection and check through SSL whether the target server is the correct one, it is very unlikely that information leaks in that case. Nevertheless, the IGEL products have been checked to determine whether they are vulnerable in general (this would mostly affect the UMS server).


IGEL Universal Management Suite

The UMS system is based on Java, which uses its own implementation of SSL. Therefore, the UMS is not affected by the Heartbleed bug in the OpenSSL libraries and can be considered safe as a server service.


IGEL Universal Desktop Windows Embedded Standard

The Microsoft Windows part of IGEL UD systems is not affected, as it does not use OpenSSL. The small IGEL WinLinux OS, which is used for snapshotting and recovery, does use OpenSSL, but the version used in this system is an old version that is not affected. IGEL Windows Embedded Standard systems are therefore also not affected.


IGEL Universal Desktop Linux and IGEL Zero

Both firmware versions (v4 and v5) of IGEL Linux use the OpenSSL libraries, and both use affected versions of OpenSSL. The devices are client devices: they do not receive connections from random and potentially dangerous communication partners, but initiate SSL-encrypted connections to servers.

For this reason, we released firmware updates with fixed OpenSSL libraries:

  • IGEL Linux v4 4.13.180 (April 28, 2014)
  • IGEL Linux v5 5.03.100 (April 30, 2014)
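
As an added example (not IGEL's own code), the following Python script triages a device inventory against the fixed firmware releases listed above, comparing version components numerically so that 4.9.x is not mistaken for being newer than 4.13.x. The CSV layout, the product labels and the rule that every older v4/v5 build needs the update are assumptions.

```python
import csv
import io

# First fixed firmware per major line, taken from the advisory above.
FIXED = {4: (4, 13, 180), 5: (5, 3, 100)}
# Hypothetical inventory labels: IGEL Linux based products / unaffected ones.
LINUX_PRODUCTS = {"ud-linux", "zero"}
UNAFFECTED_PRODUCTS = {"ums", "ud-wes"}

def parse_version(text):
    """Turn '5.03.100' into (5, 3, 100) so components compare numerically."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(p) for p in parts)

def triage(product, firmware):
    """Classify one device as not-affected, fixed, needs-update or unknown."""
    product = product.strip().lower()
    if product in UNAFFECTED_PRODUCTS:
        return "not-affected"
    if product not in LINUX_PRODUCTS:
        return "unknown"
    try:
        version = parse_version(firmware)
    except ValueError:
        return "unknown"
    fixed = FIXED.get(version[0])
    if fixed is None:
        return "unknown"  # the advisory only covers firmware v4 and v5
    # Assumption: any older v4/v5 build carries the affected OpenSSL library.
    return "fixed" if version >= fixed else "needs-update"

def devices_to_update(inventory_csv):
    """Return names of devices whose firmware predates the fixed release."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return [r["name"] for r in rows
            if triage(r["product"], r["firmware"]) == "needs-update"]

# Constructed sample inventory (name, product, firmware).
SAMPLE = """name,product,firmware
tc-001,ud-linux,4.13.180
tc-002,ud-linux,4.9.200
tc-003,zero,5.02.310
tc-004,zero,5.03.100
srv-01,ums,n/a
"""

print(devices_to_update(SAMPLE))
```

Devices reported as "unknown" have a firmware string or product label the script cannot map to the advisory and should be checked by hand.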

