HeartBleed is a critical security vulnerability (CVE-2014-0160) in the OpenSSL cryptographic library, which is widely used by online sites and web-based services to provide secure connections. The vulnerability potentially allows an attacker to silently read information from the memory of a server. This means highly confidential information, such as web server private keys and user passwords, could be copied by an attacker.
This advisory will be updated as additional information becomes available.
Corporate products:
Consumer products:
Consumer platforms:
The following products and platforms are affected and already patched.
Products and platforms not listed in this advisory are NOT affected by Heartbleed.
Product/Platform | Requires user action? (Yes/No) | Remarks |
---|---|---|
F-Secure Community | No | |
F-Secure SAFE Portal | Yes | Since the F-Secure SAFE portal requires a web log-in (MYSafe), we suggest you change your passwords, as we suggest doing with any other online service. |
F-Secure MYAccount Portal | Yes | |
SAFE Avenue | Yes | |
Safe Profile | Yes | |
F-Secure Search | Yes | |
F-Secure Key | No | F-Secure Key servers were affected by the vulnerability; however, all data stored in F-Secure Key is safe. Data can only be accessed on the user's device, and users do not have to change their Master Password because of the Heartbleed vulnerability. |
F-Secure Freedome | No | |
F-Secure Messaging Secure Gateway 7.5 | No | Detailed guidance can be found here: Guidance for OpenSSL vulnerability CVE-2014-0160 MSG and PSE.pdf |
Protection Service for Email 7.5 | Yes | Detailed guidance can be found here: Guidance for OpenSSL vulnerability CVE-2014-0160 MSG and PSE.pdf |
F-Secure Server Security | Yes | Detailed guidance can be found here: Guidance for OpenSSL vulnerability CVE-2014-0160 Email Server security - Server Security.pdf |
F-Secure E-mail and Server Security | Yes | Detailed guidance can be found here: Guidance for OpenSSL vulnerability CVE-2014-0160 Email Server security - Server Security.pdf |
F-Secure PSB Server Security | Yes | PSB ESS 10.00 MF1, which addresses the HeartBleed vulnerability (CVE-2014-0160), will be available starting from today, 14th April 2014, via channel upgrade. It is recommended that, on top of this multifix, users regenerate their certificates and change their passwords at the endpoint. Detailed guidance can be found here: Guidance for OpenSSL vulnerability CVE-2014-0160 PSB Email Server security.pdf |
F-Secure PSB E-mail and Server Security | Yes | PSB ESS 10.00 MF1, which addresses the HeartBleed vulnerability (CVE-2014-0160), will be available starting from today, 14th April 2014, via channel upgrade. It is recommended that, on top of this multifix, users regenerate their certificates and change their passwords at the endpoint. Detailed guidance can be found here: Guidance for OpenSSL vulnerability CVE-2014-0160 PSB Email Server security.pdf |
Anti-Theft Portal | Yes | Change all user passwords. |
F-Secure Lokki | No | |

Product | Versions | Download |
---|---|---|
F-Secure E-mail and Server Security | 10.x - 11.00 | Hotfix: ftp://ftp.f-secure.com/support/hotfix/fsss/FSESS1100-HF01-signed.fsfix ftp://ftp.f-secure.com/support/hotfix/fsss/FSESS1100-HF01-signed.jar |
F-Secure E-mail and Server Security Premium | 11.00 | Hotfix: ftp://ftp.f-secure.com/support/hotfix/fsss/FSESSPR1100-HF01-signed.fsfix ftp://ftp.f-secure.com/support/hotfix/fsss/FSESSPR1100-HF01-signed.jar |
F-Secure Server Security | 10.x - 11.00 | Hotfix: ftp://ftp.f-secure.com/support/hotfix/fsss/FSSS1100-HF01-signed.jar |
F-Secure Server Security Premium | 11.00 | Hotfix: ftp://ftp.f-secure.com/support/hotfix/fsss/FSSSPR1100-HF01-signed.jar |
Standalone computers:
Centrally managed computers:
Date | Changes |
---|---|
11th April 2014 | First advisory published. |
15th April 2014 | |
Date Issued: 2014-04-11
Date Last Updated: 2014-04-17