[AusNOG] Fwd: Heartbleed Bug

Shain Singh shain.singh at gmail.com
Wed Apr 9 18:55:25 EST 2014


Hi,



On 9 April 2014 05:48, Colin Stubbs
<colin.stubbs at equatetechnologies.com.au> wrote:
>
> Yeap, I can confirm that.
>
> Note however,
>
> 11.5's management interface is affected. That's the webGUI to config/manage
> the box which runs Apache w/ OpenSSL.
>
> SSL virtual hosts terminated by TMOS __are not__ affected, e.g. the
> production services hosted by the F5.

Only if you are not using the COMPAT directive in your SSL profiles
(which the majority of people won't).


>
> Definitely doesn't affect 11.4 or below from the testing I've now done.
>
> -Colin
>
> On 8 April 2014 14:09, Mick O'Rourke <mkorourke+ausnog at gmail.com> wrote:
>>
>> > F5 load balancers are vulnerable.
>>
>> Apparently only 11.5.x versions of BIG IP.
>>
>>

The official release from F5
http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html

Disclaimer: I am an F5 employee.

For security related alerts on F5, you can sign up here (you need to
provide contact details besides email):
https://interact.f5.com/technews.html


-- 
Shaineel Singh
e: shain.singh at gmail.com
p: +61 422 921 951
w: http://buffet.shainsingh.com

--
"Too many have dispensed with generosity to practice charity" - Albert Camus


More information about the AusNOG mailing list