What is the issue?
The OpenSSL project released a security advisory on August 6, 2014 disclosing multiple vulnerabilities in OpenSSL which may potentially impact EMC Syncplicity customers. For more details refer to
What components of Syncplicity are affected?
The issue impacts the following Syncplicity components:
- EMC Syncplicity Orchestration layer load-balancers
- EMC Syncplicity Storage layer load-balancers
- EMC Syncplicity Enterprise Edition On-Premise compute nodes (depending on customer specific configuration)
Was Syncplicity compromised due to this vulnerability?
At this time we have no evidence or reason to believe any Syncplicity customers’ data were compromised in relation to this vulnerability.
When is this issue going to be fixed?
EMC has applied remedies to eliminate the reported applicable vulnerabilities from EMC Syncplicity servers.
What steps were taken to remediate the vulnerability?
EMC Syncplicity has patched all of the impacted components by updating the OpenSSL version in our cloud Orchestration and cloud Storage.
What steps do customers need to take to remediate the vulnerability?
There is no action needed by EMC Syncplicity Personal Edition, Business Edition, and Enterprise Edition cloud storage customers to remediate this vulnerability. EMC Syncplicity Enterprise Edition on-premise storage account administrators are advised to patch their on-premise compute servers. EMC recommends the following steps:
- If you leverage SSL-offloading load balancers (a recommended Syncplicity Best Practice) you should contact your load balancer vendor for guidance on applying necessary patches, if they have not notified you already.
- If you expose your compute servers directly to the Internet or leverage non-SSL offloading load balancers, you are advised to SSH into each node and issue the "sudo yum update" command to install the patched version of OpenSSL. Please reboot the compute servers after installing the patch.
What additional measures is Syncplicity recommending to reduce the risk associated with this vulnerability?
While Syncplicity does not have additional recommendations at this time, EMC Syncplicity Enterprise Edition on-premise customers are advised to conduct their own risk assessment based on their specific configuration and take necessary precautions.
EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.