Many of you have probably heard about the recent critical "heartbleed" bug in
openssl and are currently franticly patching your systems (or should be at
"The OpenSSL project has confirmed that the code responsible for the flaw has
been present in its software since 2011 and available to the public since the
release of OpenSSL 1.0.1 in March 2012."
I just had a quick check on the hub probes at least:
# strings /opt/nimsoft/hub/hub |egrep -io "openssl.*20.*$" | uniq
OpenSSL 1.0.0c 2 Dec 2010
# strings /opt/nimsoft/hub/libldapssl.so.0 |egrep -io "openssl.*20.*$" | uniq
OpenSSL 0.9.8 05 Jul 2005
It appears both the new v7.50 and the older v5.82 have the same openssl lib
statically linked. And it should not be affected by the heartbleed bug.
But if anyone else comes across something else in the Nimbus world that is
affected by this, please shout out!