auralis® Version 2.2.1 eliminates serious bug in OpenSSL

/in /by

With the auralis® version 2.2.1 we fix the openssl library bug. Affected by this gap are all auralis® installations in version 2.2. Older versions are not affected by the vulnerability.

How does this work?

OpenSSL offers a free implementation of the TLS protocol (Transport Layer Security). It is used to establish an encrypted connection between a user and a server. It also serves to ensure that the client computer and the server itself can send each other signs of life during a connection. This so-called Heartbeat” has a security leak. Thus, it is possible by an attack to steal memory content of the server in a size of 64 kilobytes and thus to obtain the private keys of certificates or other sensitive data.


Who is affected?

This affects all auralis® installation in version 2.2.0, respectively containing the vulnerable OpenSSL library. Older versions are not affected by this issue.

How can I protect myself?

Administrators can secure their installation against the OpenSSL bug by updating to version 2.2.1.

For questions, please ask our hotline.