With the auralis® version 2.2.1 we fix the openssl library bug. Affected by this gap are all auralis® installations in version 2.2. Older versions are not affected by the vulnerability.
How does this work?
OpenSSL offers a free implementation of the TLS protocol (Transport Layer Security). It is used to establish an encrypted connection between a user and a server. It also serves to ensure that the client computer and the server itself can send each other signs of life during a connection. This so-called “Heartbeat” has a security leak. Thus, it is possible by an attack to steal memory content of the server in a size of 64 kilobytes and thus to obtain the private keys of certificates or other sensitive data.
Who is affected?
This affects all auralis® installation in version 2.2.0, respectively containing the vulnerable OpenSSL library. Older versions are not affected by this issue.
How can I protect myself?
Administrators can secure their installation against the OpenSSL bug by updating to version 2.2.1.
For questions, please ask our hotline.