This patch addresses the CVE-2014-0160 bug discovered in the OpenSSL (https://www.openssl.org/) handling transport layer security (TLS) and datagram transport layer security (DTLS) Heartbeat Extension packets. Nicknamed the Heartbleed Bug, this bug introduces a serious vulnerability in the popular OpenSSL cryptographic software library.
In addition to addressing the Heartbleed bug, this patch upgrades the rescue to a new version that includes the new OpenSSL. Applying this patch terminates the SSH session used to log on, and might require you to re-establish your SSH settings.
Applying the patch
- Enable SSH on the target 2.5.00 or 2.5.01 component.
- Log on to your system using the clisystem account.
Run the following command:
Repeat for each remaining component.
After applying the patch
Re-establish SSH settings for all applicable components, as described in the following topics:
- Enhancing access management (Collector)
- Enhancing access management (Analyzer)
- Adding components to the Console (PAE)
- Controlling remote access to the command-line interface
If a problem occurs
If you encountered problems during the installation of the patch or if you could not access the internet to run the installation, contact BMC Customer Support.