Panzura Security Advisory PZOS-2014-001
|Title:||OpenSSL TLS Heartbeat Vulnerability Review|
|Affected Products:||PZOS – All Supported Versions 126.96.36.199 or Below|
The OpenSSL Project announced a Security Advisory on April 07, 2014 regarding a critical TLS vulnerability in version 1.0.1 through version 1.0.1f (CVE-2014-0160 – https://www.openssl.org/news/secadv_20140407.txt)
A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server.
Panzura would like to reassure our customers that a thorough review of the PZOS code base has been undertaken it is confirmed that all TLS-secured communication used in the Panzura system is NOT vulnerable to this exploit.
Panzura software is not at risk from this vulnerability.