In the last few days, the Heartbleed OpenSSL security vulnerability has been receiving a lot of attention. It has affected an unprecedented wide range of organisations including Google, LinkedIn, Facebook, Twitter and Adobe.
We have ascertained that CloudPlatform internal services (i.e. virtual routers) are not affected by the SSL vulnerability.
We urge you to check your own cloud servers for the vulnerability as well. If your systems are vulnerable, we recommend urgently updating to the latest version of OpenSSL to patch this bug.
You can easily check whether your server is vulnerable using an online tool.
The official security advisory on OpenSSL bug, including detailed listing of affected products, and remediation procedures is available from NCSC-FI.
For detailed instructions on patching systems affected by Heartbleed, customers should consult the documentation associated with their product. In patching systems, we recommend customers obtain OpenSSL 1.0.1g from trusted sources such as the developer or vendors website, or the OpenSSL software repository.