Patch available for OpenSSL Heartbleed security bug

This patch addresses the CVE-2014-0160 bug discovered in the OpenSSL (https://www.openssl.org/) handling transport layer security (TLS) and datagram transport layer security (DTLS) Heartbeat Extension packets. Nicknamed the Heartbleed Bug, this bug introduces a serious vulnerability in the popular OpenSSL cryptographic software library. 

 In addition to addressing the Heartbleed bug, this patch upgrades the rescue to a new version that includes the new OpenSSL. Applying this patch terminates the SSH session used to log on, and might require you to re-establish your SSH settings. 

Do you need to install this patch?

BMC Real End User Experience Monitoring (BMC EUEM) 2.5.00 and 2.5.01 include a version of OpenSSL (1.0.1c) that has the Heartbleed bug. However, because of the way in which OpenSSL is used in the product, BMC EUEM is not vulnerable to the problems identified in this bug. BMC EUEM does not use the OpenSSL library to make any external incoming or outgoing connections. The vulnerable version of OpenSSL is used only in the module that decrypts web traffic after it is captured. For these reasons, BMC believes that BMC EUEM customers are not at risk because of the OpenSSL vulnerability. 

However, BMC takes security seriously and is releasing this patch, which updates the OpenSSL library in the product. 

If you have questions about whether to install this patch, contact BMC Customer Support.

Applying the patch

  1. Enable SSH on the target 6.5.x or 2.5.x appliance.
  2. Log on to your system using the clisystem account.

  3. Run the following command:

    install https://deviceupdates.bmc.com/downloads/TS-18694-1.0.0.cor
  4. Repeat for each remaining component.

After applying the patch

Reestablish SSH settings for all applicable components, as described in the following topics:

If a problem occurs

If you encountered problems during the installation of the patch or if you could not access the internet to run the installation, contact BMC Customer Support. 

Related topics

Release-notes-and-notices

Known and corrected issues

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*