OpenSSL Heartbleed Security Update

As some of you may know, CVE-2014-0160 (“Heartbleed”) is a vulnerability announced in certain versions of OpenSSL.

After the announcement on Monday 7th April 2014, the team began investigating the level of potential risk to our hosted systems and on-premise software.

Hosted Systems

Since and use OpenSSL in its platforms it was deemed necessary to immediately update all platforms with the recommended security patches.

Please be assured that our online systems are no longer at risk from this vulnerability.

We recommend that all users of SkySQL and MariaDB online services update their passwords at their earliest convenience.

On-premise Software

MariaDB binaries, including MariaDB Galera Cluster, on Linux and other non-Windows platforms are dynamically linked with OpenSSL, which makes MariaDB as vulnerable as the underlying system OpenSSL if SSL support for MariaDB has been enabled (it is disabled by default). You can check whether it is enabled by running the command "show variables like 'have_ssl';".

Windows binaries use yaSSL and are therefore not affected by the vulnerability.

In all cases, the platform that MariaDB or MariaDB Galera Cluster runs on should be checked for OpenSSL and its version. If a vulnerable version of OpenSSL is found, it should be upgraded to a safe version, and it’s recommended to change all user passwords.
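One way to script the two checks described above (the have_ssl variable and the dynamic link to the system OpenSSL), as an added example that is not MariaDB's own tooling. The function names, result labels and the sample ldd output are constructed for illustration; check_local_server assumes mysqld and the mysql client are on PATH with client credentials already configured.

```sh
#!/bin/sh
# Added example, not MariaDB tooling. Function names and result labels are
# hypothetical; SAMPLE_LDD is constructed output, not taken from a real host.

SAMPLE_LDD='    linux-vdso.so.1 (0x00007ffd0a1f2000)
    libssl.so.1.0.0 => /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007f3b5c000000)
    libcrypto.so.1.0.0 => /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007f3b5bc00000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f3b5b800000)'

# classify_exposure HAVE_SSL LDD_OUTPUT
#   HAVE_SSL   value column of: show variables like 'have_ssl';
#              YES = SSL active, DISABLED = built in but not configured,
#              NO = not built in
#   LDD_OUTPUT output of ldd on the server binary
classify_exposure() {
    have_ssl=$1
    ldd_out=$2
    if printf '%s\n' "$ldd_out" | grep -q 'libssl\.so'; then
        linked=yes
    else
        linked=no   # e.g. a build that bundles its own TLS library
    fi
    case "$linked:$have_ssl" in
        no:*)                echo "not-linked-to-system-openssl" ;;
        yes:YES)             echo "depends-on-system-openssl" ;;
        yes:DISABLED|yes:NO) echo "linked-but-ssl-off" ;;
        *)                   echo "unknown" ;;
    esac
}

# Gather both inputs from the local host and print the system OpenSSL version
# that a "depends-on-system-openssl" result has to be judged against.
check_local_server() {
    have_ssl=$(mysql -N -B -e "show variables like 'have_ssl'" | awk '{print $2}')
    ldd_out=$(ldd "$(command -v mysqld)")
    echo "system OpenSSL: $(openssl version)"
    classify_exposure "$have_ssl" "$ldd_out"
}

# Demo on the constructed sample; call check_local_server on a real host.
classify_exposure YES "$SAMPLE_LDD"
```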

MaxScale, the intelligent proxy for MySQL and MariaDB, also makes use of OpenSSL. OpenSSL is dynamically linked to MaxScale, so if you’re using MaxScale, make sure to upgrade OpenSSL as well. MariaDB Manager doesn’t make use of OpenSSL.

We are dedicated to resolving security issues promptly, while remaining open and honest with our customers.

Please check back often and if you require assistance please contact

Thank you.