Skip to main content
ExLibris

Knowledge Assistant

BETA
 
  • Subscribe by RSS
  • Back
    Primo

     

    Ex Libris Knowledge Center
    1. Search site
      Go back to previous article
      1. Sign in
        • Sign in
        • Forgot password
    1. Home
    2. Primo
    3. Knowledge Articles
    4. Is the OpenSSL software used by a particular Ex Libris product affected by the Heartbleed bug (CVE-2014-0160)?

    Is the OpenSSL software used by a particular Ex Libris product affected by the Heartbleed bug (CVE-2014-0160)?

    1. Last updated
    2. Save as PDF
    3. Share
      1. Share
      2. Tweet
      3. Share
    1. Question
    2. Answer
    3. Additional Information
    • Article Type: Q&A
    • Product: Aleph

    Question

    Is the OpenSSL software used by a particular Ex Libris product affected by the security vulnerability CVE-2014-0160 (also called Heartbleed bug)?

    Answer

    Most Ex Libris products and services are NOT vulnerable. However, Voyager versions 8.2
    and higher, that use HTTPS and are running on Solaris, Linux, or AIX operating systems
    (not Windows), are vulnerable to this bug.

    Ex Libris is working on the resolution and will provide a security patch shortly. Ex Libris will
    update the relevant customers once the fix is ready.

    For hosted environments, Ex Libris will apply the script to resolve this security issue.

    More details about this bug, which has affected companies and individuals worldwide, can
    be found at the following website: http://heartbleed.com/

    Additional Information

    The OpenSSL versions 1.0.1 up to and including 1.0.1f are affected by the security vulnerability CVE-2014-0160.
    The vulnerability has been fixed in OpenSSL version 1.0.1g.

    OpenSSL versions lower than 1.0.1 (e.g. the version branches 0.9.8 and 1.0.0) are not affected by the vulnerability.

    Sources of information:
    https://www.openssl.org/news/secadv_20140407.txt
    http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160
    http://heartbleed.com

    For instructions on how to determine the version of the OpenSSL software used by one of Ex Libris product please see KCS Article Determine Version of OpenSSL Software used by an Ex Libris Product


    • Article last edited: 7/13/2015
    View article in the Exlibris Knowledge Center
    1. Back to top
      • Is RHEL 6 supported with Primo version 3?
      • What to check to ensure the Alma record has been deleted from Primo?
    • Was this article helpful?

    Recommended articles

    1. Article type
      Topic
      Community Content Type
      How To
      Content Type
      Knowledge Article
      Language
      English
      Product
      Primo
    2. Tags
      1. contype:kba
      2. Prod:Primo
    1. © Copyright 2025 Ex Libris Knowledge Center
    2. Powered by CXone Expert ®
    • Term of Use
    • Privacy Policy
    • Contact Us
    2025 Ex Libris. All rights reserved