June 24, 2014

SSL/TLS MITM Vulnerability Update: Patched Perforce Servers Now Available


Earlier this month, OpenSSL released a security advisory about the SSL/TLS MITM vulnerability. This man-in-the-middle (MITM) vulnerability affects OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h. In a nutshell, it means that eavesdropping attackers have the opportunity to intercept data between a client and a server during the handshake that establishes secure connections. This vulnerability is a follow-on to last month’s Heartbleed issue.

In case you’ve missed our recent patch notifications, I wanted to let our customers know that we have patched the Perforce server versions 2012.1 to 2014.1 by linking in OpenSSL version 1.0.1h. Due to the nature of MITM vulnerabilities, there is no need to also patch Perforce clients.
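To check an OpenSSL version string against the affected ranges listed above, the following added example (not Perforce or OpenSSL code) handles the letter-suffix ordering, including two-letter releases such as 0.9.8za. The function names and sample lines are constructed for illustration; the input is assumed to be in the format printed by `openssl version`.

```python
import re

# First fixed release on each branch, taken from the ranges in the post.
FIXED = {(0, 9, 8): "za", (1, 0, 0): "m", (1, 0, 1): "h"}

# Matches the version token in strings such as "OpenSSL 1.0.1g 7 Apr 2014".
_VERSION = re.compile(r"\b(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_version(text):
    """Return ((major, minor, fix), patch_letters) from a version string."""
    m = _VERSION.search(text)
    if m is None:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    return tuple(int(g) for g in m.groups()[:3]), m.group(4)


def _letter_rank(letters):
    # Patch letters run "", a..z, then za, zb, ...: order by length, then text.
    return (len(letters), letters)


def mitm_status(text):
    """Classify a version string as 'affected', 'fixed' or 'unlisted'."""
    branch, letters = parse_version(text)
    if branch in FIXED:
        fixed = _letter_rank(FIXED[branch])
        return "affected" if _letter_rank(letters) < fixed else "fixed"
    if branch < (0, 9, 8):
        return "affected"   # "before 0.9.8za" includes older branches
    return "unlisted"       # branch not covered by the ranges in the post


# Constructed sample lines in the format printed by `openssl version`.
SAMPLES = [
    "OpenSSL 0.9.8y 5 Feb 2013",
    "OpenSSL 0.9.8za 5 Jun 2014",
    "OpenSSL 1.0.0l 6 Jan 2014",
    "OpenSSL 1.0.1g 7 Apr 2014",
    "OpenSSL 1.0.1h 5 Jun 2014",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{mitm_status(line):9} {line}")
```

A result of `unlisted` means the branch falls outside the ranges this post gives, so it needs to be checked against the OpenSSL advisory itself.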

You can download the updated versions of the Perforce server from our website. Please select the appropriate platform, OS and release number from the drop-down menus. They are also available from our FTP site:

Software Release Index: You can find release and patch information for all Perforce products here.

Receive Timely Notifications: To sign up for email notifications, please visit our Communications Center.

As always, our Support team is available for any questions on this or any Perforce-related topic. Please contact us at [email protected]