Problem

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

Heartbleed has 2 CVE identifiers: CVE-2014-0160 and CVE-2014-0346. The second CVE is deprecated and CVE-2014-0160 should be considered the canonical CVE.

Affected openSSL version are only 1.0.1 and 1.0.2-beta releases, including 1.0.1f and 1.0.2-beta1.

https://www.openssl.org/news/secadv_20140407.txt

http://heartbleed.com/

Resolution

TSIM is not affected by the vulnerability as it does not use openSSL. Nonetheless, the currently installed openSSL versions should be checked and if the affected versions are installed, openSSL should be upgraded as soon as possible.