Abiquo and Heartbleed Vulnerability

We would like to clarify the situation regarding Abiquo and the recently discovered Heartbleed vulnerability in the popular OpenSSL cryptographic software library. A full description of the vulnerability, including the operating systems affected, can be found at http://heartbleed.com
All of the Abiquo platform components run on CentOS. The bug was only present in the latest release, CentOS 6.5, but for Abiquo 2.6.X and previous versions the installer uses CentOS 5, which uses OpenSSL 0.9.8. That version does not have the vulnerability, which is present in OpenSSL 1.0.1 prior to version 1.0.1g.
If you have installed CentOS 6 KVM hypervisors, then the vulnerability could be present. It is unlikely that you will be using OpenSSL on your KVM hosts, but you should check the versions of CentOS and OpenSSL on your systems and, if necessary, update the packages from the CentOS repositories.
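
One way to run the version check described above, as an added example (not Abiquo's own tooling): the function classifies an OpenSSL version string against the range stated in this article, and `report_host` (a hypothetical helper name) prints the local CentOS and OpenSSL details. It assumes `/etc/redhat-release`, `openssl` and `rpm` are present on the host; because distribution packages can carry backported fixes under an unchanged upstream version string, an "affected" result means the package should be updated from the CentOS repositories, not that the host is confirmed vulnerable.

```shell
#!/bin/sh
# Added example: classify an OpenSSL version string against the range given
# in this article (1.0.1 before 1.0.1g affected; 0.9.8 not affected).

# heartbleed_status VERSION_STRING
# Accepts a bare version ("1.0.1e") or full `openssl version` output.
# Prints one of: affected | not-affected | unknown
heartbleed_status() {
    # Extract the first N.N.N token plus its optional patch letter(s).
    ver=$(printf '%s\n' "$1" | LC_ALL=C sed -n \
        's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*[a-z]*\).*/\1/p')
    case "$ver" in
        0.9.8*)            echo not-affected ;;  # CentOS 5 branch
        1.0.1|1.0.1[a-f])  echo affected ;;      # 1.0.1 prior to 1.0.1g
        1.0.1[g-z]*)       echo not-affected ;;  # 1.0.1g and later letters
        *)                 echo unknown ;;       # branch not covered by the article
    esac
}

# report_host: print what an administrator needs to decide on an update.
report_host() {
    if [ -r /etc/redhat-release ]; then
        cat /etc/redhat-release
    fi
    if command -v openssl >/dev/null 2>&1; then
        v=$(openssl version)
        echo "$v => $(heartbleed_status "$v")"
    else
        echo "openssl binary not found"
    fi
    # The installed package release shows whether the repository update
    # has been applied, even when the upstream version string is unchanged.
    if command -v rpm >/dev/null 2>&1; then
        rpm -q openssl || true
    fi
    return 0
}

# Run the host report only when asked: sh check.sh --report
if [ "${1:-}" = "--report" ]; then
    report_host
fi
```
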

