Environment
NetIQ Operations Center 5.0
Situation
There is a bug here identified by OpenSSL HeartBleed security hole
Resolution
In case any customers are wondering if Operations Center is affected by the OpenSSL HeartBleed security hole that's been on the news, it is NOT affected. We do NOT use OpenSSL in NOC.
However, we do believe that PostgreSQL does use OpenSSL for secure database connections. Depending on the version of PostgreSQL, version of OpenSSL included, and how it is configured, there may be a vulnerability. Since we do NOT distribute PostgreSQL, it would be up to the customer to update their PostgreSQL implementation IF it were to be susceptible.
Here's The OFFICIAL statement issued by HeartBleed site on what the broken versions are:
What versions of the OpenSSL are affected?
Status of different versions:
- OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
- OpenSSL 1.0.1g is NOT vulnerable
- OpenSSL 1.0.0 branch is NOT vulnerable
- OpenSSL 0.9.8 branch is NOT vulnerable