heartbleed

HeartBleed vulnerability and ActivePerl

Question: 

Is my Community/Business/Enterprise Edition version of ActivePerl vulnerable to HeartBleed?

Answer: 

ActivePerl Community/Business Editions which, as shipped, are affected:
- 5.14.4.1405 - upgrade to 5.14.4.1406 (Business Edition only) or 5.16.3.1604 to fix
- 5.16.3.1603 - upgrade to 5.16.3.1604 to fix
- 5.18.1.1800 - upgrade to 5.18.2.1802 to fix
- 5.18.2.1801 - upgrade to 5.18.2.1802 to fix

Modules supplied through PPM are unaffected.
Modules compiled locally must be reviewed locally for vulnerability.

Enterprise Editions can be distinguished from Community/Business Editions by the presence of an additional fifth number before the six digit build number/version control number.
ActivePerl Enterprise Editions which, as shipped, are affected:
- 5.8.9.829.9 through 829.12
- 5.10.1.1009.9 through 1009.12
- 5.12.5.1206.2 through 1206.5
- 5.14.3.1404.2 through 1405.3
- 5.16.2.1602.2 through 1603.3

New Enterprise releases have been issued and can be located under the 2014Q1.1 folder.

HeartBleed vulnerability and ActivePython

Question: 

Is my Community/Business/Enterprise Edition version of ActivePython vulnerable to HeartBleed?

Answer: 

No Enterprise versions of ActivePython are vulnerable.

No Community/Business Edition versions of ActivePython 2.x and no Community/Business Edition versions of ActivePython 3.0, 3.1, and 3.2 are vulnerable to HeartBleed.

Only Community/Business Edition ActivePython 3.3.2.0 and 3.3.4.1 are vulnerable.
An updated 3.3 release will be needed to address the vulnerability.

HeartBleed vulnerability and ActiveTcl

Question: 

Is my version of Community/Business/Enterprise Edition ActiveTcl vulnerable to Heartbleed?

Answer: 

From a running tclsh:

%package require tls

The version of tls will be reported. Interpreters running tls 1.6.2 and 1.6.3 are vulnerable. Some installations of tls 1.6.1 are also vulnerable, depending on the age of the module. v1.6.1 carrying a timestamp newer than Feb 2012 (TeaPOT version is affected) are vulnerable,

Unless the tls module has been locally updated,
- Enterprise ActiveTcls shipped before 2012Q2 are unaffected,
- Community/Business Edition ActiveTcl 8.4.19.5 and older are unaffected,
- Community/Business Edition ActiveTcl 8.5.11.0 and older are unaffected,
- Community/Business Edition ActiveTcl 8.6.0.0b6 and older are unaffected

You can mitigate for HeartBleed using the TEApot service.

teacup install tls -exact 1.6.3.1