cancel
Showing results for 
Search instead for 
Did you mean: 

When will we see a Heartbleed fix?

thisisdave_
New Contributor

When will we see a Heartbleed fix?

Based on a heartbleed check tool looking at my org's SSL VPN sign-in page, it appears MAG devices running 8.0R3.0 are affected. I'm unsure about 7.4R8.0.

 

I'm shocked there isn't any mention on it in the Secuirty Advisories, nor other sections of the support portal.

 

I'm hopeful a patch is coming soon as I may wind up needing to unplug my MAG, adding insult to the injury of having to force all my VPN users to change their credentials.

6 REPLIES 6
flip_pipe_
Frequent Contributor

Re: When will we see a Heartbleed fix?

 

Stewart in other thread says it is vulnerable and I also test and gave positive.

 

We also have SSLVPN from Checkpoint and those are not vulnerable.

Jewels_
Contributor

Re: When will we see a Heartbleed fix?

The Juniper Networks Security Incident Response Team (SIRT) is aware of the vulnerability and working on fixes to address potential risks to some Juniper products. A Juniper Security Advisory will be published soon and updated as new details become available. We encourage our customers to contact JuniperÕs Customer Support Center for detailed advisories and product updates. We work with customers running vulnerable products very closely to ensure they take the appropriate steps we have identified and deploy any necessary updates or mitigations in a timely manner.

 

We will post news and bulletins here once they become available.

Thank you!

 

Jewels_
Contributor

Re: When will we see a Heartbleed fix?

The Security Advisory is now posted here: http://kb.pulsesecure.net/JSA10623

Thanks!
Julie
lyndidon_
Contributor

Re: When will we see a Heartbleed fix?

You may want to subscribe for updates. I was just creating a post to write up about it yesterday, and was about to make the same complaint, when I got the email update. I was up till late in the morning and saw it. As Jewells indicated, it is posted. I guess making a headline about it would just be asking for all hackers and malevolents out there to direct their attention to Juniper devices.

A new product security advisory has been released. This message contains the link to the new Juniper Security Advisory (JSA) that has been released.

 

JSA10623 2014-04 Out of Cycle Security Bulletin: Multiple products affected by OpenSSL "Heartbleed" issue (CVE-2014-0160)

NOTE: A Security Advisory is a formal notice regarding critical and/or potentially service-affecting hardware and software security issues. The Security Advisory process allows the proactive communication of pertinent information to both customers and partners. Please report any potential or real instances of security vulnerabilities with any Juniper Networks product to the Juniper Networks Security Incident Response Team (Juniper SIRT) at sirt@juniper.net

CaseyH_
Contributor

Re: When will we see a Heartbleed fix?

KB29004 is out there with the links to the new downloads.

 

Appears the fix has been released for a lot of affected products.

nanustud_
New Contributor

Re: When will we see a Heartbleed fix?

When should we expect the new version for Virtual SA appliances (DTE,STE) tried upgrading our's to 7.4R9.2 but it failed.