IBM Notes / Domino not vulnerable Heartbleed bug

The Heartbleed Bug
"The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).


The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users."


More @heartbleed.com

Abstract

Information is circulating describing a method called "Heartbleed," which exploits a vulnerability caused by a design error in OpenSSL. This technote provides confirmation that IBM Notes and Domino are not susceptible to the Heartbleed attack.

Content

IBM Notes and Domino are not vulnerable to the Heartbleed bug because they do not use OpenSSL as the basis of the SSL stack in the products. Note that this includes both the Domino SSL stack as well as the TLS implementation supported by the IBM HTTP Server in 9.0. Notes Traveler is also not affected.

For more information on the Heartbleed bug, including a Q&A, go to http://www.heartbleed.com.

Related information

CVE-2014-0160
OpenSSL vulnerabilities do not apply to IHS
A simplified Chinese translation is available

More @ibm.com/support/docview.wss?uid=swg21669782