IMPORTANT NOTE: OpenSSL Vulnerability (CVE-2014-0160) in Sophos UTM [UPDATED]


[UPDATE 09 April 2014 14:43 ET] A fix is now available. Please check our knowledgebase article; we will update it as we get more information.

On 07 April 2014, a critical vulnerability was found in OpenSSL that also affects some versions of Sophos UTM.

The official CVE entry, CVE-2014-0160, tracks the issue with more information and mentions versions that are also used inside the Sophos UTM product.

Affected versions of UTM are: UTM 9.1, UTM 9.2 as well as the SSL Clients from those UTM versions.

The vulnerability is a TLS heartbeat read overrun that could be used to reveal chunks of sensitive data from the system memory of any system worldwide running the affected versions of OpenSSL, not only Sophos UTM.
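The length check whose absence produces a heartbeat read overrun, written here as an added example (not Sophos or OpenSSL code). The function names are hypothetical, and the message layout of a 1-byte type, 2-byte payload length, payload and at least 16 bytes of padding is taken from RFC 6520.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HB_REQUEST      1   /* heartbeat_request message type (RFC 6520) */
#define HB_RESPONSE     2   /* heartbeat_response message type */
#define HB_HEADER_LEN   3   /* 1 byte type + 2 byte payload_length */
#define HB_MIN_PADDING  16  /* RFC 6520: at least 16 bytes of padding */

/* Hypothetical helper: returns 0 and sets *payload_len if msg[0..msg_len)
 * is a well-formed request; returns -1 if it must be silently discarded. */
int hb_validate_request(const uint8_t *msg, size_t msg_len, size_t *payload_len)
{
    if (msg == NULL || payload_len == NULL)
        return -1;
    /* Too short to hold the header plus the minimum padding. */
    if (msg_len < HB_HEADER_LEN + HB_MIN_PADDING)
        return -1;
    if (msg[0] != HB_REQUEST)
        return -1;
    /* Sender-declared length: untrusted until compared with msg_len. */
    size_t declared = ((size_t)msg[1] << 8) | msg[2];
    /* Without this comparison the echo below would read past the message. */
    if (declared > msg_len - HB_HEADER_LEN - HB_MIN_PADDING)
        return -1;
    *payload_len = declared;
    return 0;
}

/* Builds a response into out[0..out_cap); returns bytes written, 0 on discard.
 * Padding is zero-filled here for simplicity (RFC 6520 asks for random). */
size_t hb_build_response(const uint8_t *msg, size_t msg_len,
                         uint8_t *out, size_t out_cap)
{
    size_t n;
    if (hb_validate_request(msg, msg_len, &n) != 0)
        return 0;
    size_t total = HB_HEADER_LEN + n + HB_MIN_PADDING;
    if (out == NULL || out_cap < total)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = msg[1];
    out[2] = msg[2];
    /* Copy only the validated number of bytes actually received. */
    memcpy(out + HB_HEADER_LEN, msg + HB_HEADER_LEN, n);
    memset(out + HB_HEADER_LEN + n, 0, HB_MIN_PADDING);
    return total;
}
```

The same comparison of declared payload length against received message length can serve as a detection rule on decoded heartbeat records.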

We are working on a fix with high priority and will release Up2Date packages as soon as possible.

Eric Bégoc
Senior Product Manager

