A serious vulnerability in the OpenSSL library has been discovered. This vulnerability, known as “Heartbleed” (the bug is in the heartbeat extension of the OpenSSL code) makes it possible for a malicious entity to steal information from a server that utilizes the OpenSSL library.

The following OpenSSL branches are vulnerable:

  • OpenSSL 1.0.1 through 1.0.1f (inclusive)

The following branches are NOT vulnerable:

  • OpenSSL 1.0.1g
  • OpenSSL 1.0.0
  • OpenSSL 0.9.8

More details are available at http://www.heartbleed.com .