OpenSSL Heartbleed Vulnerability

Last Updated: 04/11/2014

Security Notice Level

SEVERE

Incorrect memory handling in OpenSSL could allow a remote attacker to expose sensitive data, possibly including user authentication credentials and secret keys. This may allow an attacker to decrypt traffic, such as a credit card transaction, or perform various other attacks.

Affected Software

If you are running OpenSSL versions 1.0.1 through 1.0.1f, we recommend that you update as soon as possible to OpenSSL version 1.0.1g or later; or, if your platform has provided a patch, that you apply it accordingly.
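
One way to check a host against the version range above, as an added example that is not part of the original notice. The function name and result labels are assumptions chosen for illustration, and the sample strings are constructed.

```shell
#!/bin/sh
# Added example: classify `openssl version` output against this notice's range
# (1.0.1 through 1.0.1f listed as affected; 1.0.1g or later as the update).

classify_openssl_version() {
    # Expected form: "OpenSSL 1.0.1e 11 Feb 2013" (name, version, build date).
    read -r name ver _rest <<EOF
$1
EOF
    # Other TLS libraries (e.g. LibreSSL) or empty input: not covered here.
    [ "$name" = "OpenSSL" ] || { echo unknown; return 0; }
    # Drop build suffixes such as "-fips" before comparing.
    ver=${ver%%-*}
    case "$ver" in
        "")                                 echo unknown ;;
        1.0.1|1.0.1[abcdef])                echo in-range ;;
        1.0.1[ghijklmnopqrstuvwxyz]*)       echo fixed ;;
        1.0.1*)                             echo unknown ;;
        *)                                  echo outside-range ;;
    esac
}

# Constructed sample strings (not captured from any real host).
for sample in \
    "OpenSSL 1.0.1 14 Mar 2012" \
    "OpenSSL 1.0.1e-fips 11 Feb 2013" \
    "OpenSSL 1.0.1g 7 Apr 2014" \
    "OpenSSL 0.9.8y 5 Feb 2013"
do
    printf '%-34s %s\n' "$sample" "$(classify_openssl_version "$sample")"
done

# Classify the locally installed command-line binary, if there is one.
if command -v openssl >/dev/null 2>&1; then
    printf 'local: %s\n' "$(classify_openssl_version "$(openssl version)")"
fi
```

An in-range result on a patched platform is expected when the vendor fixed the package without changing the upstream version string, so confirm against the vendor's advisory for the installed package. Services may also load a different copy of the library than the command-line binary reports.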

Affected Platforms

Red Hat, Inc.
Ubuntu
Debian GNU/Linux
Fedora Project
FreeBSD Project
Gentoo Linux
Mandriva S. A.
NetBSD
OpenSUSE
OpenBSD
Slackware Linux Inc.
Check Point Software Technologies

Security Bulletin Name

US-CERT Vulnerability Note VU#720951
Vulnerability Summary for CVE-2014-0160

Additional Information

Additional information about this vulnerability can be viewed at:

http://www.kb.cert.org/vuls/id/720951
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160

If you have any questions, please contact the IT Service Center at 303-735-4357 (or 5-HELP from an on-campus phone) or help@colorado.edu.