
    Is the OpenSSL software used by a particular Ex Libris product affected by the Heartbleed bug (CVE-2014-0160)?

    • Article Type: Q&A
    • Product: Aleph

    Question

    Is the OpenSSL software used by a particular Ex Libris product affected by the security vulnerability CVE-2014-0160 (also called Heartbleed bug)?

    Answer

    Most Ex Libris products and services are NOT vulnerable. However, Voyager versions 8.2
    and higher that use HTTPS and run on Solaris, Linux, or AIX operating systems
    (not Windows) are vulnerable to this bug.

    Ex Libris is working on the resolution and will provide a security patch shortly. Ex Libris will
    update the relevant customers once the fix is ready.

    For hosted environments, Ex Libris will apply the script to resolve this security issue.

    More details about this bug, which has affected companies and individuals worldwide, can
    be found at the following website: http://heartbleed.com/

    Additional Information

    The OpenSSL versions 1.0.1 up to and including 1.0.1f are affected by the security vulnerability CVE-2014-0160.
    The vulnerability has been fixed in OpenSSL version 1.0.1g.

    OpenSSL versions lower than 1.0.1 (e.g. the version branches 0.9.8 and 1.0.0) are not affected by the vulnerability.

    Sources of information:
    https://www.openssl.org/news/secadv_20140407.txt
    http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160
    http://heartbleed.com

    For instructions on how to determine the version of the OpenSSL software used by an Ex Libris product, please see the KCS article "Determine Version of OpenSSL Software used by an Ex Libris Product".
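
As an added example (not Ex Libris or OpenSSL code), the shell function below classifies a version string, as printed by `openssl version`, against the ranges stated under Additional Information. The name `heartbleed_status` is hypothetical; versions above the 1.0.1 branch are reported as `unknown` because this article does not cover them.

```shell
#!/bin/sh
# Added example: map an OpenSSL version string to the CVE-2014-0160 ranges
# given in this article. heartbleed_status is a hypothetical helper name.

heartbleed_status() {
    # Accept a bare version ("1.0.1f") or a full `openssl version` line
    # ("OpenSSL 1.0.1e 11 Feb 2013"); use the first token shaped x.y.z[letters][-suffix].
    ver=$(printf '%s\n' "$1" | tr ' ' '\n' |
        sed -n -E '/^[0-9]+\.[0-9]+\.[0-9]+[a-z]*(-.*)?$/{p;q;}')
    [ -n "$ver" ] || { echo unknown; return 0; }

    # Split into the numeric base (1.0.1) and the patch letter (e.g. "f").
    base=$(printf '%s' "$ver" | sed -E 's/^([0-9]+\.[0-9]+\.[0-9]+).*/\1/')
    letter=$(printf '%s' "$ver" | sed -E 's/^[0-9]+\.[0-9]+\.[0-9]+([a-z]*).*/\1/')

    major=${base%%.*}
    rest=${base#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    num=$(( major * 10000 + minor * 100 + patch ))   # 1.0.1 -> 10001

    if [ "$num" -lt 10001 ]; then
        echo not-affected          # branches below 1.0.1, e.g. 0.9.8 and 1.0.0
    elif [ "$num" -gt 10001 ]; then
        echo unknown               # outside the ranges this article states
    else
        case "$letter" in
            ""|a|b|c|d|e|f) echo affected ;;   # 1.0.1 up to and including 1.0.1f
            *)              echo fixed ;;      # 1.0.1g and later letters
        esac
    fi
}

# Stand-alone use: sh check.sh "$(/path/to/openssl version)"
[ "$#" -eq 0 ] || heartbleed_status "$*"
```

A result of `affected` from a distribution-packaged OpenSSL should be confirmed against the vendor's patch level, because distributions may backport the fix without changing the upstream version string.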


    • Article last edited: 7/13/2015