HeartBleed OpenSSL Vulnerability

HeartBleed Bug

Though CudaMail is not succeptible to this bug, we want to provide a bit of information on it for our clients, and link to more information and resources.

This bug is a very serious vulnerability in OpenSSL. This cryptographic software library is very popular and is used around the world.

The problem is that the weakness allows access & theft of information that would normally be protected by the SSL/TLS encryption used to secure the Internet.

What versions of the OpenSSL are affected?

Status of different versions:

  • OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
  • OpenSSL 1.0.1g is NOT vulnerable
  • OpenSSL 1.0.0 branch is NOT vulnerable
  • OpenSSL 0.9.8 branch is NOT vulnerable

Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012.

OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.

For more information you can visit the Heartbleed Bug website: http://heartbleed.com/

* We are providing the above links as a resource for reference purposes only. These sites are not owned or affliated with CudaMail - please use at your own risk.