On September 22nd, 2016, the OpenSSL project released versions 1.1.0a, 1.0.2i, and 1.0.1u of OpenSSL. This release contains about a dozen security fixes, including one important update that we wanted the Akamai community to be specifically aware of.
The important update will resolve a memory consumption bug that could allow malicious clients to send messages to HTTP servers, which could lead to memory consumption issues, an eventual crash, and/or restarts. We are confident that our existing reliability mechanisms on our platform would result in no noticeable impact, but we are rolling out the fix on our end-user facing delivery and mission-critical systems out of an abundance of caution. We also expect no noticeable performance/availability impact as a result of this upgrade.
We are also evaluating (and where necessary, patching) all other systems as/where appropriate.
Akamai also recommends that its customers upgrade their OpenSSL implementation(s) to the latest version(s) as soon as possible to avoid any potential impact.
If you have any questions or concerns regarding this vulnerability and your Akamai services, please use our Community post dedicated to the subject, or contact your Akamai Representative or Customer Care.
If our investigation uncovers additional risks, we will provide follow-up blog posts, Akamai Community posts, and Luna Portal advisories to update customers on how we are affected and what we are doing about it.