UPDATE: Connext DDS 5.1 & Heartbleed Reply

heartBleedThe Heartbleed bug is serious, with the potential to expose user passwords and other sensitive information.

The vulnerabilities created by the Heartbleed bug have been identified in certain versions of the OpenSSL cryptographic software library. More information about the bug can be found at www.heartbleed.com.

OpenSSL is used for certain features in RTI Connext DDS such as the Secure WAN and TLS transports. RTI Connext DDS 5.1.0 shipped with a version of OpenSSL that is affected by the Heartbleed bug.

OpenSSL version 1.0.1g addresses the heartbleed bug (see the OpenSSL security advisory here: http://www.openssl.org/news/secadv_20140407.txt). RTI has built and tested OpenSSL version 1.0.1g against RTI Connext DDS 5.1.0 and made it available on the RTI Customer Portal. Any customer who is using RTI Connext DDS 5.1.0 and OpenSSL should replace their existing OpenSSL installation with the new version.

If you are using a different version of RTI Connext DDS, you are not affected by the vulnerability and no action is required.

Submit a comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s