Notable Solutions Reports Some AutoStore 6 Components Vulnerable to Heartbleed Bug
Notable Solutions says an update that corrects the bug is included in the AutoStore Framework v10 and can be immediately downloaded via AutoStore’s Software Updates service. A Bates Stamp Server update has also been released to address the problem. The AutoStore Framework v10 update must be applied to the machine that hosts the AutoStore Server. The Bates Stamp Server update must be applied to the machine that hosts Bates Stamp Server, which may be different from the machine where AutoStore is installed.
The firm says that most AutoStore environments are not vulnerable to this issue since AutoStore typically runs on private networks – in other words, the intrusion would have to take place from within a customer’s network for this vulnerability to be exploited.
Heartbleed is a security bug in the open-source OpenSSL cryptography library, which is widely used to implement the Internet’s Transport Layer Security (TLS) protocol. This vulnerability results from a missing bounds check in the handling of the Transport Layer Security (TLS) heartbeat extension, the heartbeat being behind the bug’s name. A fixed version of OpenSSL was released on April 7, 2014, at the same time as Heartbleed was publicly disclosed. At that time, some 17 percent (around half a million) of the Internet’s secure Web servers certified by trusted authorities were believed to be vulnerable to the attack, allowing theft of the servers’ private keys and users’ passwords.
AutoStore customers should contact Notable Solutions’ support at firstname.lastname@example.org if they have questions, require assistance with applying the updates, or need help verifying that updates were installed successfully.