HP Recommended

It has been over 1 1/2 years since the HeartBleed OpenSSL vulnerability was made public.  But the UC Software Release Matrix for SoundPoint IP phones does not list any new versions except for Microsoft Lync users.  Does that mean Asterisk and other sip server users are vulnerable to HeartBleed?

 

According to the matrix, all fixes for the HeartBleed OpenSSL vulnerability only work with MS Lync deployments.

Polycom UC Software Release Matrix For SoundPoint IP and SoundStation IP Phones

http://downloads.polycom.com/voice/voip/sip_sw_releases_matrix.html

 

 

As I am not exactly sure where the OpenSSL server would be, is it just the MS IIS Server but OpenSSL could also be in the phone itself? Maybe it does not apply to Asterisk users at all as an Asterisk webserver would get OpenSSL updates thru its software repository.  Otherwise, what is up with Asterisk support?

 

 

 

 Obligatory XKCD comic on the HeartBleed OpenSSL vulnerability

 

 

3 REPLIES 3
HP Recommended

Hello pcTechs,

The Heartbleed SSL fix has, to my knowledge, been added to all affected platforms.

 

If you have any worries or proof that other platforms are affected please work with your Polycom reseller to get this to the attention of a Polycom sales engineer.

Best Regards

Steffen Baier

Polycom Global Services

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
HP Recommended

For a security vulnerability as huge as this, it needs to be documented, otherwise it is not fixed.  Why would it be a reseller's responsibility to update the Polycom.com matrix?

 

Searching thru the Release Notes, the first mention of HeartBleed or just Heart is in the 4.1.0 S release http://downloads.polycom.com/voice/voip/uc/UC_Software_Release_Notes_4_1_0_S.pdf

 

According to the matrix, the last support for anything but Microsoft Lync was 4.0.9.  

http://downloads.polycom.com/voice/voip/uc/UC_Software_4_0_9_Release_Notes.pdf

 

 

HP Recommended

Hello pcTechs,

Again, I did not ask your reseller to update our matrix; I did ask you to work with your reseller if you believe or found proof that the latest UC Software 4.0.9 is affected by the heartbleed bug.

 

  • UC Software 4.1.0 rev S contained the fix for heartbleed. The software was released back in April 2014.
    The 4.1.x range is the revision compatible with LYNC 2010 and LYNC 2013

  • UC Software 4.0.9 is the revision compatible with Open SIP and was released in June 2015

 

The "higher" number of the 4.1.x does not automatically mean newer, it's simply the way we chose to label the software.

 

We only fixed versions of software that contained an openSSL version that was vulnerable to heartbleed.

 

Therefore if you believe and can prove that any current 4.0.x Software version is affected by this heartbleed bug and can provide the relevant details please follow this up as already advised.


Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
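
Added example, not part of any post in this thread and not Polycom code: the thread turns on which OpenSSL version a given firmware build contains, so this sketch scans a firmware image for OpenSSL version banners and classifies each against the Heartbleed-affected range (OpenSSL 1.0.1 through 1.0.1f, and 1.0.2-beta1). The image names and byte strings are constructed sample data and say nothing about what any real UC Software build contains.

```python
import re

# OpenSSL builds embed a banner such as "OpenSSL 1.0.1e 11 Feb 2013".
BANNER_RE = re.compile(rb"OpenSSL (\d+\.\d+\.\d+[a-z]*(?:-beta\d+)?)")
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-beta(\d+))?")

def heartbleed_status(version):
    """Return 'affected', 'not affected' or 'unknown' for an OpenSSL version."""
    m = VERSION_RE.fullmatch(version.strip().lower())
    if m is None:
        return "unknown"
    base = tuple(int(g) for g in m.group(1, 2, 3))
    letters, beta = m.group(4), m.group(5)
    if base == (1, 0, 1):
        if beta is not None:
            return "unknown"  # pre-release build: verify by hand
        # No letter (1.0.1) through "f" is affected; "g" and later are fixed.
        in_range = (len(letters), letters) <= (1, "f")
        return "affected" if in_range else "not affected"
    if base == (1, 0, 2) and beta is not None:
        return "affected" if int(beta) < 2 else "not affected"
    # 0.9.8 and 1.0.0 never had the heartbeat code; 1.0.2 final and later
    # shipped with the fix.
    return "not affected"

def scan_image(blob):
    """Map every OpenSSL banner version found in a firmware blob to its status.

    An empty result means no banner was found (stripped or compressed image),
    which is not evidence that OpenSSL is absent.
    """
    return {m.group(1).decode("ascii"): heartbleed_status(m.group(1).decode("ascii"))
            for m in BANNER_RE.finditer(blob)}

def affected_images(images):
    """Names of images that contain at least one affected OpenSSL banner."""
    return sorted(name for name, blob in images.items()
                  if "affected" in scan_image(blob).values())

# Constructed sample data standing in for firmware images.
SAMPLE_IMAGES = {
    "image-A": b"\x00\x7fELF\x00OpenSSL 0.9.8zh 3 Dec 2015\x00",
    "image-B": b"\x00OpenSSL 1.0.1e 11 Feb 2013\x00",
    "image-C": b"OpenSSL 1.0.1g 7 Apr 2014\x00",
    "image-D": b"\x00\x01\x02 no banner in this blob \x00",
}

if __name__ == "__main__":
    for name, blob in SAMPLE_IMAGES.items():
        print(name, scan_image(blob) or "no OpenSSL banner found")
```
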