dots blog

News

Customer alert: Security patch for Heartbleed bug available

Heartbleed – first bug with own logo!

You might have heard from the OpenSSL Heartbleed bug, which is a serious vulnerability in the OpenSSL cryptographic software library. This library is distributed with Printgroove JT Web 5 and Printgroove JT Suite 5.

This security bug may allow theft of the servers' private keys, users' session cookies and passwords, that should normally be protected by the SSL/TLS encryption. As long as the vulnerable version of OpenSSL is in use, it can and will be be abused.

We therefore strongly recommend to apply the dots security patch as described in TechNote 50-11 on our dots Infohub (please consult your Konica Minolta representaive for details)

Heartbleed: Are you at risk?

  • Affected are version 5.2 and version 5.4 of Printgroove JT Web 5 and Printgroove JT Suite 5. Older versions are not affected.
  • Affected are only those installations where the Apache configuration has been changed to utilise the secure http protocol (https).
  • The installation is not affected by the Heartbleed bug in case the customer uses the standard configuration of the Apache web server, as it is shipped with Printgroove JT Web 5 and Printgroove JT Suite 5, hence uses the standard http protocol (http). In this case no action is required.
  • The security patch will be included in the next regular update for Printgroove JT Web 5 and Printgroove JT Suite 5. Do NOT wait for it, see below!
  • The dots security patch is not applicable in case you use your own Apache web server. It is within your responsibility to verify if your Apache installation is affected or not.

What to do?

In case your installation is at risk, contact your Konica Minolta representative and ask to install our security patch at your site. Said patch and detailed instructions are available for certified Konica Minolta dealers at our Infohub. If you have further questions, drop us a note on Twitter. For detailed information follow the links below. Always keep in mind: Security is not a condition or a state of mind, it is a process. Stay alert!

Related news

Related links

back