In light of the recent OpenSSL Heartbleed vulnerability news, LANDESK has analyzed our portfolio of products and websites and is providing the following update. For additional and continually updated information on this issue and LANDESK products, see: http://community.landesk.com/support/docs/DOC-31332. For updated information about other Wavelink products, see: http://community.landesk.com/support/docs/DOC-31375.
- LANDESK Management Suite and Cloud Service Appliance ARE potentially affected by this vulnerability. It is unlikely that sensitive data is at risk due to the vulnerabilities within these products, but patches have been built for LDMS and CSA to remediate the vulnerabilities and are currently being tested. The patches will be available from LANDESK support as a hotfix, and will also be contained in the next set of patches that are released.
- The following have been assessed and are NOT believed to be impacted by Heartbleed:
- Service Desk as a Service (SDaaS)
- Avalanche on Demand
- LANDESK Mobility Manager
- Asset Lifecycle Manager
- Password Central
- Shavlik products
- Other LANDESK Cloud Services
- The LANDESK customer- and partner-facing websites are NOT impacted by Heartbleed
Update (April 15, 2014): A patch has been issued for the LANDESK Cloud Service Appliance (CSA). This can be applied through the CSA Update function inside the product. For additional information on this and the status of other potential LANDESK product exposures to the OpenSSL Heartbleed vulnerability, please refer to the knowledge base article http://community.landesk.com/support/docs/DOC-31332.
Update (April 17, 2014): LANDESK has released a patch addressing the OpenSSL Heartbleed vulnerability for the LANDESK Management Suite client agent. This patch applies to LANDESK Management Suite versions 9.5, 9.5 SP1, and 9.5 SP2. LANDESK has released this patch as a content update, available via the Update function in Patch Manager inside the product. This update is available for all customers. For additional information on the OpenSSL Heartbleed vulnerability and the LANDESK client agent, please refer to the knowledge base article located at http://community.landesk.com/support/docs/DOC-31332
Update (April 25, 2014): LANDESK has developed a component patch to remediate the OpenSSL Heartbleed vulnerability for LANDESK Management Suite versions 9.5, 9.5 SP1 and 9.5 SP2. This component patch also contains the previously updated Windows client agent, and will be available for customer download as patch content Friday, April 25. For additional information on the OpenSSL Heartbleed vulnerability, please refer to knowledge base article: http://community.landesk.com/support/docs/DOC-31332
Please contact Customer Support if you have additional questions.