CERT mailing list archives

OpenSSL 'Heartbleed' Vulnerability


From: "US-CERT" <US-CERT () ncas us-cert gov>
Date: Tue, 08 Apr 2014 06:09:04 -0500

NCCIC / US-CERT

National Cyber Awareness System:

OpenSSL 'Heartbleed' Vulnerability
[ https://www.us-cert.gov/ncas/current-activity/2014/04/08/OpenSSL-Heartbleed-Vulnerability ]
04/08/2014 06:51 AM EDT
Original release date: April 08, 2014

A vulnerability in OpenSSL could allow a remote attacker to expose sensitive data, possibly including user 
authentication credentials and secret keys, through incorrect memory handling in the TLS heartbeat extension. This may 
allow an attacker to decrypt traffic or perform other attacks. OpenSSL version 1.0.1g resolves this vulnerability. The 
1.0.0 and 0.9.8 branches are not vulnerable.

US-CERT recommends users and administrators review Vulnerability Note VU720951
[ http://www.kb.cert.org/vuls/id/720951 ] for additional information and mitigation details.
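
A version triage for the branches named above, as an added example that is not part of the US-CERT notice: it classifies `openssl version` output lines. The affected range (1.0.1 through 1.0.1f) comes from OpenSSL's own advisory rather than this notice, and the status names and sample banners are constructed for illustration.

```python
import re

# Version token as printed by `openssl version`, e.g. "OpenSSL 1.0.1e 11 Feb 2013".
_VERSION = re.compile(r"OpenSSL\s+(\d+\.\d+\.\d+)([a-z]*)(-(?:beta|pre|dev)\w*)?")


def classify(banner):
    """Map one `openssl version` line to a triage status for this notice."""
    m = _VERSION.search(banner)
    if m is None:
        return "unparsed"
    branch, letter, prerelease = m.group(1), m.group(2), m.group(3)
    if branch in ("1.0.0", "0.9.8"):
        return "not-affected"      # stated in the notice
    if branch != "1.0.1" or prerelease:
        return "not-covered"       # the notice says nothing about these builds
    if len(letter) > 1 or letter >= "g":
        return "fixed"             # 1.0.1g or a later letter release
    # 1.0.1 through 1.0.1f (range from OpenSSL's advisory, an assumption here).
    # Distributions often backport the fix without changing this string, so
    # confirm against the package changelog before treating the host as exposed.
    return "affected-by-version"


# Constructed sample banners, not taken from any real host.
SAMPLES = [
    "OpenSSL 1.0.1e 11 Feb 2013",
    "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "OpenSSL 1.0.1g 7 Apr 2014",
    "OpenSSL 1.0.0l 6 Jan 2014",
    "OpenSSL 0.9.8y 5 Feb 2013",
    "OpenSSL 1.0.2-beta1 24 Feb 2014",
]


def triage(banners):
    """Return {banner: status} for a list of version lines."""
    return {b: classify(b) for b in banners}


if __name__ == "__main__":
    for banner, status in triage(SAMPLES).items():
        print(f"{status:20} {banner}")
```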
