The Apache CloudStack Blog

Friday July 10, 2015

CloudStack and OpenSSL CVE-2015-1793

Updated July 11th, 2015:

After reviewing CloudStack components and seeing Debian's advisory on CVE-2015-1793 (CloudStack's "system VM" is Debian based), it looks like CloudStack is not affected by this vulnerability.

Original post follows...

On the 9th of July, the OpenSSL project announced a high severity vulnerability within the OpenSSL library. While this particular vulnerability does not seem to affect SSL servers, there are security issues with SSL clients powered by OpenSSL. Because of this, we suspect there may be issues with parts of CloudStack which initiate SSL connections.

At this point we are still reviewing which particular versions of OpenSSL are used by different versions of CloudStack. Once this review is complete, we will further update the community and this post as to our next steps.

Comments:

great!!

Posted by carlogos on May 17, 2017 at 09:29 AM UTC #

Post a Comment:
  • HTML Syntax: NOT allowed

Calendar

Search

Hot Blogs (today's hits)

Tag Cloud

Categories

Feeds

Links

Navigation