ALTERA DOES NOT WARRANT THAT THE FUNCTIONS CONTAINED IN THIS PATCH WILL MEET YOUR REQUIREMENTS, OR THAT THE OPERATION OF THIS PATCH WILL BE UNINTERRUPTED OR ERROR-FREE. //**************************************************************** quartusii-heartbleed-patch-readme.txt Readme file for Quartus II Heartbleed Patch Copyright (C) Altera Corporation 2014 All right reserved. Patch created on July 01 2014 Patch Case#: 213281 //**************************************************************** Heartbleed Vulnerability Update: Quartus II Patch Now Available Description: On April 7, 2014, we learned about a vulnerability (CVE-2014-0160, aka Heartbleed) in OpenSSL, an open-source implementation of the Secure Sockets Layer (SSL) protocol. Altera has found no indication that the Altera Quartus II design software tools have been exploited using the Heartbleed vulnerability. The Altera suite of design tools do no operate as Internet facing server applications, and not typically exposed in a fashion that would make an exploitation known or possible. However, we take the security of your Quartus II design information data very seriously. This is to let you know what we have done to protect your security and what steps you should take. Who's Impacted? On the Linux operating systems, the Quartus II software makes use of the OpenSSL library installed on your host for the "Notification Center" feature released in Quartus II version 13.0 and 13.1. Altera recommends upgrading your Linux operating system libraries to patch the necessary OpenSSL packages. This will immediately close the vulnerability for all applications, including the Quartus II software, on your computer. On the Windows operating system, Altera shipped the OpenSSL library version 1.0.1c in the Quartus II software versions 13.0 and 13.1, which contains the Heartbleed vulnerability. Because the Quartus II software does not run a web server using secure sockets layer (SSL), the vulnerability of Heartbleed is not possible to exploit directly. However, it is theoretically possible a third party could conceivably steal sensitive data the graphical user interface (GUI) or quartus_sh, such as compilation reports, if you have Notification Center enabled. Altera recommends you patch your installation if you are concerned about this theoretical possibility. Update Available: Altera Corporation released a patch that can be applied to the following 13.0 and 13.1 releases: 13.0 13.0SP1 13.1 (plus any updates) Future versions of the Quartus II software for Windows operating systems will ship with the patched version 1.0.1g of OpenSSL that addresses the Heartbleed vulnerability. Caution - You must either have previously installed the Quartus II 13.0 or 13.1 software or must install the Quartus II 13.0 or 13.1 software before installing this patch. Otherwise, the patch will not be installed correctly and the Quartus II software will not run properly.