April 9, 2014

The OpenSSL cryptographic library, used by GemStone for RPC session logins (client-to-gem connections), has a critical security bug that potentially allows private memory to be exposed to third parties. This bug is known generally as the Heartbleed bug. More information on this bug can be found at http://heartbleed.com.

While we do not believe this vulnerability is likely to be exposed in GemStone, we strongly recommend users update to the latest OpenSSL version provided by GemTalk Systems. OpenSSL periodically discovers vulnerabilities; GemStone/S 64 Bit releases will include the latest patch versions of the SSL libraries.

See Bugnote for 44080