Panzura Security Advisory PZOS-2014-001

Issue Date: 04/09/2014
Updated Date: 04/09/2014
Title: OpenSSL TLS Heartbeat Vulnerability Review
Classification: Advisory/Informational
Status: Closed
Affected Products: PZOS – All Supported Versions 5.4.3.1 or Below

Summary

The OpenSSL Project issued a Security Advisory on April 07, 2014 regarding a critical TLS vulnerability in OpenSSL versions 1.0.1 through 1.0.1f (CVE-2014-0160 – https://www.openssl.org/news/secadv_20140407.txt).

Details

A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server.
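The bounds check in question, as an added example that is not code from OpenSSL or PZOS: a heartbeat responder that compares the peer-supplied payload length with the bytes actually received before echoing them. The message layout (1-byte type, 2-byte length, payload, at least 16 bytes of padding) follows RFC 6520; the function name, macros and sample records are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1   /* heartbeat_request (RFC 6520) */
#define HB_RESPONSE 2   /* heartbeat_response (RFC 6520) */
#define HB_HEADER   3   /* 1-byte type + 2-byte payload_length */
#define HB_MIN_PAD  16  /* minimum padding length (RFC 6520) */

/* Constructed sample records: an honest 4-byte payload, and the same
 * 23-byte record claiming a 0x4000-byte payload. */
static const uint8_t hb_ok[23]  = { HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g' };
static const uint8_t hb_bad[23] = { HB_REQUEST, 0x40, 0x00, 'p', 'i', 'n', 'g' };
static uint8_t hb_out[64];

/* Returns the response length, or 0 when the request is silently discarded.
 * Padding is zero-filled for brevity; RFC 6520 calls for random padding. */
size_t hb_build_response(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap)
{
    size_t claimed, resp_len;

    /* Need at least header plus minimum padding, and a request type. */
    if (rec_len < HB_HEADER + HB_MIN_PAD || rec[0] != HB_REQUEST)
        return 0;

    /* payload_length comes from the peer and is untrusted. */
    claimed = ((size_t)rec[1] << 8) | rec[2];

    /* The bounds check: the claimed payload must fit inside the bytes
     * actually received. Without it, the memcpy below reads past rec. */
    if (HB_HEADER + claimed + HB_MIN_PAD > rec_len)
        return 0;

    resp_len = HB_HEADER + claimed + HB_MIN_PAD;
    if (resp_len > out_cap)
        return 0;

    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, claimed);
    memset(out + HB_HEADER + claimed, 0, HB_MIN_PAD);
    return resp_len;
}

int main(void)
{
    printf("honest request: %zu bytes\n", hb_build_response(hb_ok, sizeof hb_ok, hb_out, sizeof hb_out));
    printf("oversized claim: %zu bytes\n", hb_build_response(hb_bad, sizeof hb_bad, hb_out, sizeof hb_out));
    return 0;
}
```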

Panzura would like to reassure our customers that a thorough review of the PZOS code base has been undertaken, and it is confirmed that all TLS-secured communication used in the Panzura system is NOT vulnerable to this exploit.

Resolution

Panzura software is not at risk from this vulnerability.
