Everyone, I am sure that most if not all of you have seen the reports in the media about the security bug (called the Heartbleed bug) that has been found out on the internet.
Some details: OpenSSL is the source of the bug. It is a technology used for encryption. The AR System environment uses this technology for password encryption and to encrypt the data as it flows across the wire. The issue was introduced in version 1.0.1 of OpenSSL (released March 2012) and is present in 1.0.1 and 1.0.1a through 1.0.1f of that product. There is a corrected version that was released April 7, 2014 that corrects the error. The error is NOT present in the 0.9.8 or 1.0.0 versions of the product. The AR System uses the 0.9.8 version of the OpenSSL libraries. We have gone through the build trees to confirm this for versions 7.6.04, 8.0, and 8.1 and the service packs and patches for those releases. For all of them, we are using the 0.9.8 version. This means that the AR System, its plugins, its applications, the CMDB, the API, and etc... is not affected by the Heartbleed bug and there is no action you need to take on your environment. BMC is investigating all of the products it ships to check which ones of them may have issues due to this bug. There will be a formal announcement in the near future of BMCs exposure and the remediation plans for any exposure found. This will include the official announcement from BMC about the AR System environment. I just wanted to share the information with this list as soon as it was confirmed that there was no issue with the Remedy product line. Doug Mueller _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
