Heartbleed vulnerability and Stackato

Posted by jamesf on 2014-04-09 07:59
OS: All / Any | Product: Stackato | tags: 2.10.4 2.10.6 3.0.1 3.2.1 heartbleed patch Security ssl
Question: 

Is Stackato vulnerable to the Heartbleed bug? How can I patch Stackato?

Answer: 

Stackato is vulnerable to the Heartbleed bug. You can patch your system by running "kato patch install heartbleed-fix". This patch will install updated OpenSSL libraries on both the host VM and inside the container templates. Most apps won't need to be redeployed, but some may, depending on the app and how SSL is used. We advise that you test your app (see tools below) after applying the patch to determine if redeploying the app is necessary.

A patch is also available for Stackato 2.10.4 here:
https://get.stackato.com/patch/2.10/stackato-2.10.4-heartbleed.sh

If you have any questions please contact ActiveState support.

More info:

http://heartbleed.com/
http://filippo.io/Heartbleed/
https://gist.github.com/sh1n0b1/10100394
https://github.com/titanous/heartbleeder

jamesf
ActiveState Staff
Tue, 2014-06-17 09:46

Stackato clients earlier than v3.0.8 may be vulnerable to client-side attacks; please ensure you have updated your Stackato CLI to the latest version as well.
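
The answer above notes that some apps may still need to be redeployed after the patch. As an added example (not part of the original post and not ActiveState tooling), the script below lists processes that still map the OpenSSL shared library that was replaced on disk. The function names, sample PIDs and library paths are constructed, and it assumes a Linux host where the app processes are visible under /proc.

```shell
#!/bin/sh
# Added example: find processes still mapping an OpenSSL library that was
# replaced on disk. After an upgrade the old file is unlinked, and Linux marks
# the mapping in /proc/<pid>/maps with a trailing "(deleted)" until restart.
# Statically linked binaries are not covered by this check.

# stale_openssl_pids [PROC_ROOT] -> prints "<pid> <library path>" per stale mapping.
stale_openssl_pids() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        pid="${maps%/maps}"; pid="${pid##*/}"
        # Field 6 is the mapped pathname; report each library once per process.
        awk -v pid="$pid" '
            /(libssl|libcrypto)[^ ]*\.so[^ ]* \(deleted\)$/ {
                if (!seen[$6]++) print pid, $6
            }' "$maps" 2>/dev/null || :
    done
}

# make_sample_proc -> builds a constructed /proc-like tree and prints its path.
# PIDs and addresses are made up: 101 was started before the patch, 202 after.
make_sample_proc() {
    root="$(mktemp -d)"
    mkdir -p "$root/101" "$root/202"
    cat > "$root/101/maps" <<'EOF'
7f10a0000000-7f10a0055000 r-xp 00000000 08:01 1311 /lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f10a0255000-7f10a0258000 r--p 00055000 08:01 1311 /lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f10a0400000-7f10a05b0000 r-xp 00000000 08:01 1312 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (deleted)
7f10a0800000-7f10a09b0000 r-xp 00000000 08:01 1400 /lib/x86_64-linux-gnu/libc-2.15.so
EOF
    cat > "$root/202/maps" <<'EOF'
7f20b0000000-7f20b0055000 r-xp 00000000 08:01 2311 /lib/x86_64-linux-gnu/libssl.so.1.0.0
7f20b0400000-7f20b05b0000 r-xp 00000000 08:01 2312 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
EOF
    echo "$root"
}

# Run against the live system only when asked: sh thisfile.sh --scan
if [ "${1:-}" = "--scan" ]; then stale_openssl_pids /proc; fi
```

Run it as root with --scan so that every process's maps file is readable; any PID it prints is still using the old library and needs a restart or redeploy.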