OpenSSL Heartbleed Vulnerability | Office of Information Technology

OpenSSL Heartbleed Vulnerability

Last Updated: 09/01/2014

Security Notice Level


A vulnerability in OpenSSL could allow a remote attacker to expose sensitive data, possibly including user authentication credentials and secret keys, through incorrect memory handling.  This may allow an attacker to decrypt traffic such as a credit card transaction or perform various other attacks.

Affected Software

If you are running OpenSSL versions 1.0.1 through 1.0.1f, we recommend that you update as soon as possible to OpenSSL version 1.0.1g or later; or, if your platform has provided a patch, that you apply it accordingly.

Affected Platforms

Red Hat, Inc.
Debian GNU/Linux
Fedora Project
FreeBSD Project
Gentoo Linux
Mandriva S. A.
Slackware Linux Inc.
Check Point Software Technologies

Security Bulletin Name

US-Cert Vulnerability Note VU#720951
Vulnerability Summary for CVE-2014-0160

Additional Information

Additional information about this vulnerability can be viewed at:

If you have any questions, please contact the IT Service Center at 303-735-4357 (or 5-HELP from an on-campus phone) or