Updated CUCM 10 software available to fix 'Heartbleed' problem?

Unanswered Question
May 16th, 2014
User Badges:

Forgive my ignorance, but I've been looking at the notice about CUCM 10 being affected by the so called heartbleed problem, but I can't figure out if there's a new version of the software available for download or not.  If there's an updated version, how can I get to it?  I see this version available when I go to CUCM 10.0 downloads:  10.0(1.1000-1)    ...and there are various installers available for download.

But I also see a 10.5(1) available now, but when I go to the downloads, all I see are OVA files.  

Is there really an updated CUCM 10 installer that would be appropriate for us to update to for getting rid of the heartbleed issue? 

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Leo Salcie Tejeda Fri, 05/16/2014 - 05:26
User Badges:
  • Gold, 750 points or more

Hi Jmeir,

The release will be able soon, maybe in two weeks (that's what I heard). Release 10.5 will be able in 6 - 8 month.

 

Regards

jmeier10510 Fri, 05/16/2014 - 05:30
User Badges:

Ok.  I guess I'll keep watching for it..  I wasn't sure if it was available yet but the bug report shows some unaffected version 10 releases:

https://tools.cisco.com/bugsearch/bug/CSCuo17440

Known Fixed Releases:
(5)
10.5(0.98000.642)
10.5(0.98000.393)
10.0(1.11900.2)
10.0(1.12007.1)
10.5(1.10000.7)
 
 
Leo Salcie Tejeda Fri, 05/16/2014 - 06:37
User Badges:
  • Gold, 750 points or more

The release are available only for some partner to test the new release.

jmeier10510 Fri, 05/16/2014 - 09:13
User Badges:

I'm not sure whether this statement on that link applies to us or not, but it sort of worries me (if I were to install that version):  

"UNRST releases support fewer encryption capabilities and are classified as US export unrestricted. UNRST releases are intended for customers for which US export and-or foreign import encryption regulations apply. Once installed, UNRST releases can NEVER be converted or upgraded to releases which support full encryption capabilities."

Actions

This Discussion