Security

Reply
Aruba

Re: Heartbleed - CVE-2014-0160 Problem

Hello all,

 
We have just released a patch for the OpenSSL library vulnerability “Heartbleed bug”, CVE-2014-0160.  
  • For ClearPass 6.1 customers, you can apply this patch on all minor versions (6.1.1, 6.1.2, 6.1.3 and 6.1.4). 
  • For ClearPass 6.2. customers, you have to update to 6.2.6 cumulative patch and then apply this patch. Please review the attached README  for more information on this.
  • For ClearPass 6.3 customers, you have to update to 6.3.1 cumulative patch and then apply this patch. Please review the attached README for more information on this.
In ClearPass UI, the patch should be visible on the Software Updates screen under the section “Firmware and Patch Updates” . It is also available on our support site (support.arubanetworks.com) at the following locations for offline update.  
 
Downloads —> ClearPass —> Policy Manager —> Archives —> 6.1.0 —> Patches
 
Downloads —> ClearPass —> Policy Manager —> Archives —> 6.2.0 —> Patches
 
Downloads —> ClearPass —> Policy Manager —> Current Release —> Patches
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Frequent Contributor I

Re: Heartbleed - CVE-2014-0160 Problem

Has anyone upgraded to ArubaOS 6.1.3.5 yet and if so any issues they've encountered with this new release?

Occasional Contributor II

Re: Heartbleed - CVE-2014-0160 Problem

i upgraded already and all went smooth !

the only changes in this firmware is the sec-fix

Frequent Contributor I

Re: Heartbleed - CVE-2014-0160 Problem

Hi Martin,

 

Just to clarify, we're talking WLAN controller OS not ClearPass correct?

Occasional Contributor II

Re: Heartbleed - CVE-2014-0160 Problem

Yes, i'm talking about the controller OS

Frequent Contributor I

Re: Heartbleed - CVE-2014-0160 Problem

I aplogize, I meant to ask if anyone has upgraded to controller OS 6.3.1.5.

Occasional Contributor II

Re: Heartbleed - CVE-2014-0160 Problem

well, i uograded to controller os 6.3.1.5 ;-)

Highlighted
Contributor I

Re: Heartbleed - CVE-2014-0160 Problem

We tried and it not not working now? We are working on it to get back online again.

 

hdemir.

 

Frequent Contributor II

Re: Heartbleed - CVE-2014-0160 Problem

We have seen RADIUS can vulnerable to the OpenSSL heartbleed bug as well.

 

You can extract upto 1KB of memory from the RADIUS server. Also see the announcement from FreeRADIUS: http://freeradius.org/security.html - ClearPass is using FreeRADIUS under the hood. 

 

So patch up! Upgrade/update your ClearPass :)


ACMX#255 | ACDX#742 | ACCX#746 | AMFX#25 | ACMP | ACCP | AWMP
www.securelink.nl
Occasional Contributor II

Re: Heartbleed - CVE-2014-0160 Problem

This all seems a little confusing.  My Aruba controller is running 6.3.0.2_40034  We are not using Clearpass.

 

The only patches I am aware off are for Clearpass.  Do I need to upgrade/patch my controller?  Please can you link direct to the location of the patch.

 

I have allocated downtime this evening to carry out the fix, so I would appreciate someone getting back to me ASAP.

 

THank you.

tweet @wjhphoto
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: