

Carlos_13563
Apr 08, 2014

CVE-2014-0160 notification just came out.

Is F5 affected by this CVE-2014-0160?

 

6 Replies

  • Joe_M

    Only 11.5.0 is affected, and only if you are using the compat cipher suite instead of the native suite. Below is a copy of an email from an F5 field engineer.

     

    Only TMOS 11.5.0 is vulnerable to CVE-2014-0160, and then only on management or on VIPS using the 'COMPAT' ciphers. VIPS using the NATIVE ciphers, which is the default, are not affected. TMOS less than 11.5.0 is not affected. ID456033 is open for this CVE and I'm working on getting a SOL created.

     

    Also, here is some more info on the vulnerability.

     

    http://www.openssl.org/news/vulnerabilities.html2014-0160
    http://www.openssl.org/news/secadv_20140407.txt
    http://support.f5.com/kb/en-us/solutions/public/14000/400/sol14457.html
    http://heartbleed.com/
    http://filippo.io/Heartbleed/
    https://devcentral.f5.com/questions/openssl-and-heart-bleed-vuln

     

  • goldie_01_14551
    Historic F5 Account

    See the solution article below for the official answer from F5.

     

    http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html

     

    • foo_98658
      Hi IheartF5, please read the SOL more closely. Focusing solely on LTM, only 11.5.0 - 11.5.1 are vulnerable. Older 10.x are not vulnerable to this exploit.
  • Sorry, you were right! It says it's affected at the top and then further down says it's not.

     

  • Jeff_Costlow_10
    Historic F5 Account

    The "Applies to" box is meant to show you which products from F5 are included in the solution note. E.g. if a SOL only applied to FirePass, then it would be in the Applies To box.

     

    In this case, no F5 product is vulnerable to CVE-2014-0160 except those identified in the table in the Status section.