[UPDATE 09 April 2014 14:43 ET] A fix is now available — please check our knowledgebase article, we will update it as we get more information.
On 07 April 2014 a critical vulnerability was found in OpenSSL that also affects some versions of Sophos UTM.
The official CVE entry (linked here) has more information and lists OpenSSL versions that are also used inside the Sophos UTM product.
Affected UTM versions are UTM 9.1 and UTM 9.2, as well as the SSL Clients shipped with those UTM versions.
The vulnerability is a read overrun in the TLS heartbeat extension that could be used to reveal chunks of sensitive data from the system memory of any system worldwide running the affected versions of OpenSSL, not only Sophos UTM.
We are working on a fix with high priority and will release Up2Date packages as soon as possible.
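To make the read overrun concrete, here is an added example in C (not Sophos or OpenSSL code) that models the heartbeat length handling: the unchecked handling as in the affected OpenSSL releases next to the bounds check the OpenSSL fix introduced, run over two constructed heartbeat messages.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TLS heartbeat message layout (RFC 6520): 1 byte type, 2 byte payload length,
 * then the payload, then at least 16 bytes of random padding. */
#define HB_TYPE_REQUEST 1
#define HB_MIN_PADDING  16

/* Constructed samples, both 23 bytes long: a well-formed request carrying a
 * 4-byte payload, and one whose header claims 0xFFFF payload bytes. */
static const uint8_t HB_GOOD[23] = {HB_TYPE_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g'};
static const uint8_t HB_BAD[23]  = {HB_TYPE_REQUEST, 0xFF, 0xFF, 'p', 'i', 'n', 'g'};

/* Declared payload length from the 2-byte big-endian field. */
static unsigned hb_declared_len(const uint8_t *msg) {
    return ((unsigned)msg[1] << 8) | msg[2];
}

/* Unchecked handling, as in the affected OpenSSL releases: the responder copies
 * as many payload bytes as the sender declared, regardless of how many bytes
 * the message really contains. Returns how many bytes beyond the end of the
 * message such a copy would read (0 when the message is consistent). */
long hb_unchecked_overread(const uint8_t *msg, size_t msg_len) {
    if (msg_len < 3 || msg[0] != HB_TYPE_REQUEST) return 0;
    long declared  = (long)hb_declared_len(msg);
    long available = (long)msg_len - 3; /* bytes actually following the header */
    return declared > available ? declared - available : 0;
}

/* Checked handling, mirroring the bounds check in the OpenSSL fix: discard the
 * message unless header + declared payload + padding fit inside it.
 * Returns the payload length to echo, or -1 to drop the message silently. */
long hb_checked_payload_len(const uint8_t *msg, size_t msg_len) {
    if (msg_len < 1 + 2 + HB_MIN_PADDING) return -1;
    if (msg[0] != HB_TYPE_REQUEST) return -1;
    size_t declared = hb_declared_len(msg);
    if (1 + 2 + declared + HB_MIN_PADDING > msg_len) return -1;
    return (long)declared;
}

int main(void) {
    printf("good: over-read %ld bytes, checked handler echoes %ld bytes\n",
           hb_unchecked_overread(HB_GOOD, sizeof HB_GOOD),
           hb_checked_payload_len(HB_GOOD, sizeof HB_GOOD));
    printf("bad:  over-read %ld bytes, checked handler returns %ld\n",
           hb_unchecked_overread(HB_BAD, sizeof HB_BAD),
           hb_checked_payload_len(HB_BAD, sizeof HB_BAD));
    return 0;
}
```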
Eric Bégoc
Senior Product Manager
SfN | Information blog » Blog Archive » SSL disaster: how to test programs and online services
[…] Sophos had to admit that the UTM appliances (formerly Astaro) are also vulnerable to the flaw. A security patch is still in the works. But there is also good news: OpenSSH is […]
IMPORTANT NOTICE: OpenSSL vulnerability (CVE-2014-0160) in Sophos products | Blog about Sophos UTM – Sophos UTM blog
[…] IMPORTANT NOTE: OpenSSL Vulnerability (CVE-2014-0160) in Sophos UTM [UPDATED] […]
Heartbleed – Impacts & Mitigation for Fund Managers | IP Sentinel
[…] Sophos […]
What is an Appropriate Response to the Heartbleed OpenSSL Vulnerability? | SynerComm
[…] http://blogs.sophos.com/2014/04/08/important-note-openssl-vulnerability-cve-2014-0160-in-sophos-utm/ […]