We see information about bug in software. Now device SA4500 working with system 7.4.R8.
Issue CVE-2014-0160 in OpenSSL
In this document see :
Juniper Networks has released 8.0R3.1 and 7.4R9.1 to resolve this issue on the server
side for its SSL VPN product family. The fixed build includes openssl libraries with
disabled heartbeat extension options (using the openssl option -DOPENSSL_NO_HEARTBEATS)
In this situation Juniper TAC it is recomended new version 7.4R9.1 for SA4500.
Please send me official JTAC recomendation for this bug.
Juniper Networks Secure Access Release Notes
IVE Platform Version 7.4R9.1 Build # 30599
Known Issues/Limitations Fixed in 7.4R9.1 Release
This release fixes the issue described in JSA10623. For more detailed info please refer KB29004.
Version 7.4R9.1 it is fixed and not have bug ?
Can you confirmed this information ?
I am running 7.4r7 in production. This version of the IVE / Pulse should be vulnerable. However when scanned with http://filippo.io/Heartbleed it's indicating that our systems are not vulnerable.
I have 7.4r9.1 running in our lab and we're planning on upgrading tonight, but I was really hoping to be able to confirm that the issue has been patched.
Does anyone have another way to test for the vulnerability?
Does anyone know why the Pulse clients are listed as vulnerable and what the vulnerability actually entails? Are they only listed because they were built with a vulnerable version of OpenSSL? What would an attack on a client actually look like or be able to compromise?
Anyone else seeing HC timeouts with the new 7.4R9.1 code?
Our HC runs every 10 mins and after upgrading from 7.4R5 to 7.4R9.1 I am getting HC timeouts on a Win7 and MacOS Pulse clients.
Since HC is done over SSL I'm wondering if this new code's fix of disabling heartbeat extensions is impacting it.