Given the risk of attack by the "Heart Bleed" OpenSSL attack, here is information on how to determine if you are vulnerable.
First, the most recent ISO install builds of ScaleArc utilize the OpenSSL 1.0.0-fips version, which predates the vulnerability for HeartBleed. If however, a "yum update" of OpenSSL has been performed, or if the RPM install version was used on top of a third party managed CentOS image, another version of OpenSSL may be present. To verify the exact version of OpenSSL present on any CentOS (or ScaleArc system) you can use the command "rpm -q openssl". This should report something similar to the following:
# rpm -q openssl
If the version of OpenSSL is listed as 1.0.1, yet is lower than 1.0.1e-16.el6_126.96.36.199, then you are likely vulnerable. If you are using a base system in a hosted environment such as Rackspace or others that provided a base image that we install on top of, please contact them for instructions on how to upgrade. For others running on a system installed from ScaleArc base images that have been upgraded to CentOS 6.5 (via "yum upgrade"), please issue the command "yum update openssl" (and reboot) to insure you are using the most updated version of OpenSSL and other libraries. This should install an OpenSSL library equal to or greater than openssl-1.0.1e-16.el6_5.7.
If you have used the ISO provided by ScaleArc to perform your install, and you have not performed a "yum update openssl" prior to this date, then you will not have a vulnerable OpenSSL library. If you or your provider installed a newer version of the OpenSSL libraries prior to 4/08/2014, then you need to upgrade using "yum update openssl" in order to further update your image.
If you have any questions in regards to this article, please feel free to contact ScaleArc support at email@example.com or call us at 1-855-800-7225 (US Toll Free) or +1-408-412-7315 (Outside of the US)