Server makers rush their Heartbleed patches
Dell, HP and IBM issue firmware and software updates for servers affected by the Heartbleed bug
IDG News Service - Enterprise IT vendors are rushing to protect users from the Heartbleed bug, which has been found in some servers and networking gear and could allow attackers to steal critical data -- including passwords and encryption keys -- from the memories of exposed systems.
Hewlett-Packard, Dell and IBM have set up pages that identify hardware and software products affected by Heartbleed, which exposes a critical defect in certain versions of OpenSSL, a software library for secure communication over the Internet and networks.
The bug, which was detailed last week, has already been patched in a new version of OpenSSL, but hardware companies are now racing to patch products relying on older versions. Firmware and software patches have been issued for HP's BladeSystems and IBM's AIX servers and also Dell's appliances and networking equipment. In advisories, the server makers have advised customers to investigate hypervisors, OSes and middleware for possible vulnerabilities.
Some HP servers use OpenSSL for encryption and secure communication, and the company is conducting an "aggressive and comprehensive review of all actively supported products" for exposure to the Heartbleed bug, an HP support page said. The security updates are available for free to all customers, an HP spokesman said in an email on Monday.
HP on Sunday issued patches for some versions of server management tools BladeSystem c-Class Onboard Administrator, Smart Update Manager and the System Management Homepage running OpenSSL on Linux and Windows.
HP last week said it had not yet identified networking equipment affected by Heartbleed, but would continue investigating products.
Dell's PowerEdge servers and OpenManage system management products are not likely affected by Heartbleed. But in a comprehensive Heartbleed advisory, Dell identified system management, security appliances and networking equipment affected by the bug.
Dell is working on patches for the Kace K3000 mobile-device management appliance, some Foglight network appliances and networking equipment running on Dell's Networking Operating System (FTOS). The company has already issued firmware patches for affected SonicWall security appliances, and the advisory page on Dell's website will be updated when fixes for more products are released.
IBM has found the Heartbleed bug affecting AIX servers, which use OpenSSL to implement communication across clusters via the TLS (Transport Security Layer) protocol. OpenSSL also enables SSL (Secure Sockets Layer) for secure communication over the Internet.
IBM has issued an OpenSSL patch for servers that shipped with AIX 6.1 OS with the TL9 protocol and AIX 7.1 with the TL3 protocol. IBM is also recommending upgrading to the new OpenSSL version on GPFS (General Parallel File System) versions 3.4 and V3.5 for AIX and Linux for Power and x86 servers. Software including WebSphere MQ, Sametime Community Server version 9 HF1 and Cloudant are affected by the Heartland bug.
IBM in an advisory suggested System Z server customers subscribe to the System z Security Portal for the latest patches and software updates.
- Virtualization and Cloud Computing: Optimized Power, Cooling, and Management Maximizes Benefits The effects that the cloud and virtualization have on the data center are discussed and possible solutions or methods for dealing with them...
- Comparing Data Center Power Distribution Architectures Significant improvements in have been achieved in data center power distribution, increasing the options available for data centers. This paper compares five power...
- Implementing Hot and Cold Air Containment in Existing Data Centers This paper investigates the constraints, reviews all available containment methods, and provides recommendations for determining the best containment approach.
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily...
- On Demand: Mastering the Art of Mobile Content Management Mobile device usage in the enterprise has skyrocketed, and it continues to escalate. IT must answer to users who demand access to their... All Servers White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!