In light of the recent OpenSSL Heartbleed vulnerability news, LANDESK has analyzed our portfolio of products and websites and is providing the following update. For additional and continually updated information on this issue and LANDESK products, see: http://community.landesk.com/support/docs/DOC-31332. For updated information about other Wavelink products, see: http://community.landesk.com/support/docs/DOC-31375.
- LANDESK Management Suite and Cloud Service Appliance ARE potentially affected by this vulnerability. It is unlikely that sensitive data is at risk due to the vulnerabilities within these products, but patches have been built for LDMS and CSA to remediate the vulnerabilities and are currently being tested. The patches will be available from LANDESK support as a hotfix, and will also be contained in the next set of patches that are released.
- The following have been assessed and are NOT believed to be impacted by Heartbleed:
- Service Desk as a Service (SDaaS)
- Avalanche on Demand
- LANDESK Mobility Manager
- Asset Lifecycle Manager
- Password Central
- Shavlik products
- Other LANDESK Cloud Services
- The LANDESK customer- and partner-facing websites are NOT impacted by Heartbleed
Update (April 15, 2014): A patch has been issued for the LANDESK Cloud Service Appliance (CSA). This can be applied through the CSA Update function inside the product. For additional information on this and the status of other potential LANDESK product exposures to the OpenSSL Heartbleed vulnerability, please refer to the knowledge base article http://community.landesk.com/support/docs/DOC-31332.
Update (April 17, 2014): LANDESK has released a patch addressing the OpenSSL Heartbleed vulnerability for the LANDESK Management Suite client. This patch applies to LANDESK Management Suite versions 9.5, 9.5 SP1, and 9.5 SP2. The patch was released as content in LANDESK updates in Patch Manager. LANDESK has released this patch as a content update, available via the Update function in Patch Manager inside the product. This update is available for all customers. For additional information on the OpenSSL Heartbleed vulnerability, please refer to the knowledge base article located at http://community.landesk.com/support/docs/DOC-31332
Please contact Customer Support if you have additional questions.