Heartbleed: Serious OpenSSL zero day vulnerability revealed | ZDNet
Posted by jpluimers on 2014/04/08
The fixed OpenSSL 1.01g is already available in source and for many platforms.
When do they become available anyone using OpenSSL 1.01 or 1.02 must deploy the patched version as fast as possible.
You also need to have all your certificates re-issued.
During the vulnerability period, your private keys may have been exposed, and there is no way to tell that they were not exposed.
Note the official binaries for Win32 1.01g are not available for yet (expect them soon), but the Indy team made Win32 and Win64 versions available.
Note that OpenSuSE did a backport of the patch to 1.01e for 12.3 and 13.1. Older openSuSE versions do not have updates for this issue, but you want to upgrade anything lower than 0.98 as they contain serious other vulnerabilities.
–jeroen
via
- Heartbleed Bug.
- Heartbleed: Serious OpenSSL zero day vulnerability revealed | ZDNet.
- OpenSSL.org.
- Critical crypto bug in OpenSSL opens two-thirds of the Web to eavesdropping | Ars Technica.
- Massive Security Bug In OpenSSL Could Affect A Huge Chunk Of The Internet | TechCrunch.
The Wiert Corner - irregular stream of stuff 
Important SSL Update Available for Indy | Olaf's Thoughts About Development said
[…] mentioned by Jeroen, updated SSL builds for Indy are already available at fulgan.com (which is Indy’s binary […]
Joseph said
My desktop Linux distro pushed out a patch this morning. Linux package management is really a killer feature. If OpenSSL were a Windows component we might have to wait for a patch Tuesday. :-(
Bruce McGee said
Thanks for the heads up. Binaries are available now.
Bruce McGee said
Answered too quickly. I didn’t notice that you already included this link. Sorry about that.
jpluimers said
That’s the article I linked to in my post (;
Bruce McGee said
I noticed right after I made my first comment.
In my defense, it’s before 7:00 AM here and I’m only half way through my first coffee.. :)
jpluimers said
(: no problem. I’m catching up in between meetings, so I didn’t see the full comment stream yet (: