By Richard Seroter, Head of Product Management. Find Richard on Twitter
A dangerous bug was identified in a popular SSL/TLS library that powers many of the web servers in the internet. This bug – called Heartbleed – allows attackers to retrieve data stored in a server’s memory and access sensitive information.
CenturyLink Cloud wants you to be aware of one impacted area which was identified through our comprehensive assessment: OpenVPN software. The Linux distribution used for OpenVPN does not yet have an updated, patched package available to remediate this vulnerability. We are actively pursuing other solutions and will have an update on this issue shortly. [Please see update and action items below]
As this issue is related to OpenVPN client software, we believe it is important to detail what type of communication between users/machines may be affected by this vulnerability.
Control Portal system is *NOT affected, so there is no need to change your password to the web site.
Site to site VPN tunnels from customer premise equipment to CenturyLink Cloud data centers are *NOT affected.
Site to site VPN tunnels between customer servers in a particular CenturyLink Cloud data center to other customer servers in a remote CenturyLink Cloud data center are *NOT affected.