A serious vulnerability in the OpenSSL library has been discovered. This vulnerability, known as “Heartbleed” (the bug is in the heartbeat extension of the OpenSSL code) makes it possible for a malicious entity to steal information from a server that utilizes the OpenSSL library.
The following OpenSSL branches are vulnerable:
- OpenSSL 1.0.1 through 1.0.1f (inclusive)
The following branches are NOT vulnerable:
- OpenSSL 1.0.1g
- OpenSSL 1.0.0
- OpenSSL 0.9.8
More details are available at http://www.heartbleed.com .