OpenSSL Vulnerability (Heartbleed) DOES NOT Impact Foglight for Virtualization, Standard (FVS)

Recently, a critical security vulnerability was publicly exposed in the OpenSSL library. OpenSSL is an open-source implementation of the SSL and TLS protocols and is used to encrypt web communications. A security flaw was accidentally introduced with OpenSSL v1.0.1 that was released in December 2011. This flaw in the OpenSSL’s TLS/DTLS heartbeat extension makes it possible for hackers to view information encrypted using SSL. Since the public announcement, OpenSSL v1.0.1g has been released which fixes the problem.

The good news is that Foglight for Virtualization, Standard (FVS) is NOT impacted. FVS relies on OpenSSH if a user enables the optional https encryption setting. OpenSSH is not affected by the Heartbleed vulnerability. Hence, FVS is NOT affected by the Heartbleed vulnerability.

And, as was reported in Kiran Ranabhor’s recent BLOG, Foglight for Virtualization, Enterprise (FVE) and Foglight for Storage Management (FSM) are also NOT impacted by the OpenSSL security flaw.

If you have any questions or concerns, please feel free to post on this forum or get in touch with us.