The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,679 other followers

Heartbleed: Serious OpenSSL zero day vulnerability revealed | ZDNet

Posted by jpluimers on 2014/04/08

The fixed OpenSSL 1.01g is already available in source and for many platforms.

When do they become available anyone using OpenSSL 1.01 or 1.02 must deploy the patched version as fast as possible.

You also need to have all your certificates re-issued.

During the vulnerability period, your private keys may have been exposed, and there is no way to tell that they were not exposed.

Note the official binaries for Win32 1.01g are not available for yet (expect them soon), but the Indy team made Win32 and Win64 versions available.

Note that OpenSuSE did a backport of the patch to 1.01e for 12.3 and 13.1. Older openSuSE versions do not have updates for this issue, but you want to upgrade anything lower than 0.98 as they contain serious other vulnerabilities.



7 Responses to “Heartbleed: Serious OpenSSL zero day vulnerability revealed | ZDNet”

  1. […] mentioned by Jeroen, updated SSL builds for Indy are already available at (which is Indy’s binary […]

  2. Joseph said

    My desktop Linux distro pushed out a patch this morning. Linux package management is really a killer feature. If OpenSSL were a Windows component we might have to wait for a patch Tuesday. :-(

  3. Bruce McGee said

    Thanks for the heads up. Binaries are available now.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: