Showing results for 
Search instead for 
Did you mean: 

2014-04-08 Instructure Advisory IAC83502 - HeartBleed TLS Vulnerability

Community Champion
0 0 248


Canvas + Logo transparent (WHITE)- 300px.png

  Release Date:2014-04-08  (Last update can be found below the document title)
  Description:Update on CVE-2014-0160 (aka "the heartbleed bug")
  Criticality Level:Moderately Critical ( Less Critical < Critical < Moderately Critical < Highly Critical )
  Impact:Potential Exposure of Sensitive Data
  Systems Affected:Canvas LMS
  Solution Status:Closed/Resolved
  Discovered By:IT security teams at Codenomicon and Google
  Relevant Changesets:



The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing theinformation protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).


Amazon has confirmed that all vulnerable hosted services have been patched against the heartbleed bug. All SSL certificates and private keys for the * top level domain were replaced at 12:00 PM MT on April 10, 2014. We continue to work with organizations that have "vanity" URLS (e.g. to replace their SSL certificates and private keys.

Further Information: (published 7th of April 2014, ~17:30 UTC) (published 7th of April 2014, ~18:00 UTC) (published 7th of April 2014, ~19:00 UTC)