Skip to content
Изучите другие сайты InterSystems:
Australia New Zealand
Australia & New Zealand
Benelux
Benelux:
Benelux:
Brazil
Brazil
Chile
Chile
China
China
Czech Republic
Czech Republic
Finland
Finland
France
France
Germany
Germany
Hungary
Hungary
Italy
Italy
Japan
Japan
Kazakhstan
Казахстан
Middle East Region
Middle East
Russia
Россия
South Africa
South Africa
Middle East Region
Southeast Asia
Spain
Spain
Sweden
Sweden
Ukraine
Україна
United Kingdom Ireland
United Kingdom & Ireland
United States
United States
Изучите другие сайты InterSystems:
Australia New Zealand
Australia & New Zealand
Benelux
Benelux:
Benelux:
Brazil
Brazil
Chile
Chile
China
China
Czech Republic
Czech Republic
Finland
Finland
France
France
Germany
Germany
Hungary
Hungary
Italy
Italy
Japan
Japan
Kazakhstan
Казахстан
Middle East Region
Middle East
Russia
Россия
South Africa
South Africa
Middle East Region
Southeast Asia
Spain
Spain
Sweden
Sweden
Ukraine
Україна
United Kingdom Ireland
United Kingdom & Ireland
United States
United States
Узнайте о продуктах и решениях InterSystems, возможностях карьерного роста и многом другом.
Home
Product Alerts & Advisories
Advisory: OpenSSL Security Advisory

Advisory: OpenSSL Security Advisory

Jun 17, 2014

June 17, 2014 - Advisory: OpenSSL Security Advisory

The OpenSSL Project https://www.openssl.org recently released a security advisory on vulnerabilities in the OpenSSL product.

These vulnerable OpenSSL products are included in the distribution of and used by most InterSystems products from version 2007.1 through the present, 2014.1. OpenVMS and Mac OSX are the exceptions to this; InterSystems products on these platforms use the libraries installed with the operating system.

InterSystems strongly recommends that customers move to OpenSSL versions containing the corrections to the vulnerabilities as soon as possible. To ease this transition for our partners, InterSystems is taking the following steps:

  1.  We have posted updated distributions of the latest maintenance release of all versions since 2011.1. The updated distributions include the corrected version of OpenSSL.
  2. We have posted versions of the corrected OpenSSL libraries, again for all versions since 2011.1, along with instructions that will install them in existing deployments. The list below shows the compatibility between corrected OpenSSL version and InterSystems version.
    OpenSSLInterSystems
    1.0.0m2011.1 through 2014.1
    0.9.8za 2007.1 through 2010.2

Installation of InterSystems products can result in OpenSSL libraries being placed in multiple locations. For example, the CSP Gateway uses SSL and the Gateway is often installed on a server separate from the primary InterSystems installation. The installation instructions detail the locations that need to be considered.

Distributions and instructions can be found at:
https://wrc.intersystems.com/wrc/Distribution.csp

Installation instructions are named: openssl_installation_instructionspatch-all.txt

Distributions of updated libraries are named according to the convention: openssl-version-platform.extension; for example, “openssl-2014.1.1.702.1-lnxsuse10x64.tar.gz”.

Note that distribution files are named for the most recent ISC maintenance release for a major version. These distributions are compatible with all releases for that major version. i.e. 2011.1.6.1001.4 is compatible with 2011.1.0 through 2011.1.6
If you have any questions regarding this advisory, please contact the Worldwide Response Center.