Heartbleed OpenSSL bugs

Hi All,
If you are currently using a Linux operating system, please take note of the OpenSSL Heartbleed bug.
As mentioned in the link here below.
Affected Operating Systems:-
What versions of the OpenSSL are affected?
Status of different versions:
- OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
- OpenSSL 1.0.1g is NOT vulnerable
- OpenSSL 1.0.0 branch is NOT vulnerable
- OpenSSL 0.9.8 branch is NOT vulnerable
Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.
How common are the vulnerable OpenSSL versions?
The vulnerable versions have been out there for over two years now and they have been rapidly adopted by modern operating systems. A major contributing factor has been that TLS versions 1.1 and 1.2 became available with the first vulnerable OpenSSL version (1.0.1) and the security community has been pushing TLS 1.2 due to earlier attacks against TLS (such as BEAST).
How about operating systems?
Some operating system distributions that have shipped with potentially vulnerable OpenSSL version:
- Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4
- Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11
- CentOS 6.5, OpenSSL 1.0.1e-15
- Fedora 18, OpenSSL 1.0.1e-4
- OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May 2012)
- FreeBSD 10.0 - OpenSSL 1.0.1e 11 Feb 2013
- NetBSD 5.0.2 (OpenSSL 1.0.1e)
- OpenSUSE 12.2 (OpenSSL 1.0.1c)
Operating system distribution with versions that are not vulnerable:
- Debian Squeeze (oldstable), OpenSSL 0.9.8o-4squeeze14
- SUSE Linux Enterprise Server
- FreeBSD 8.4 - OpenSSL 0.9.8y 5 Feb 2013
- FreeBSD 9.2 - OpenSSL 0.9.8y 5 Feb 2013
- FreeBSD Ports - OpenSSL 1.0.1g (At 7 Apr 21:46:40 2014 UTC)
If you are using OS X Mavericks, I think it is not affected, as it is using OpenSSL 0.9.
To confirm, check it via the terminal.
Type in the command: openssl version
Then you will see something like this, for example:
OpenSSL 1.0.1e-fips 11 Feb 2013
Other reference URLs to see:
http://www.f-secure.com/weblog/archives/00002694.html
http://support.apple.com/kb/ht1222
For Mac Users:-
http://www.intego.com/mac-security-blog/heartbleed-openssl-bug-faq-for-mac-iphone-and-ipad-users/
http://www.tuaw.com/2014/04/09/why-the-openssl-heartbleed-bug-doesnt-affect-os-x-or-os-x-serve/
Others:- (For Linux only!!! Do not use for Macs!!)
http://webscripts.softpedia.com/script/Security-Systems/OpenSSL-27355.html
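Added example (not part of the original post): a shell helper that maps the output of `openssl version` onto the version ranges listed in the post. The function names and the sample banners other than the one quoted in the post are constructed for illustration.

```shell
#!/bin/sh
# Classify an `openssl version` banner against the ranges in the post:
#   1.0.1 through 1.0.1f -> affected-range
#   1.0.1g, 1.0.0 branch, 0.9.8 branch -> not-affected
# Anything the post does not list is reported as "unknown".
# classify_openssl / check_local are hypothetical helper names.
classify_openssl() {
    cls_banner=$1
    # Second field is the version token, e.g. "1.0.1e-fips" or "0.9.8y".
    cls_ver=$(printf '%s\n' "$cls_banner" | awk '$1 == "OpenSSL" { print $2 }')
    [ -n "$cls_ver" ] || { echo unknown; return 0; }
    cls_ver=${cls_ver%%-*}      # drop build/package suffixes such as -fips
    case $cls_ver in
        1.0.1|1.0.1[abcdef]) echo affected-range ;;
        1.0.1g)              echo not-affected ;;
        1.0.0*|0.9.8*)       echo not-affected ;;
        *)                   echo unknown ;;
    esac
}

# Classify the local binary, if one is on PATH.
check_local() {
    command -v openssl >/dev/null 2>&1 || { echo "openssl not found"; return 0; }
    local_banner=$(openssl version)
    printf '%s -> %s\n' "$local_banner" "$(classify_openssl "$local_banner")"
}

# Constructed sample banners (the first is the one quoted in the post).
for sample in \
    "OpenSSL 1.0.1e-fips 11 Feb 2013" \
    "OpenSSL 1.0.1g 7 Apr 2014" \
    "OpenSSL 0.9.8y 5 Feb 2013"
do
    printf '%s -> %s\n' "$sample" "$(classify_openssl "$sample")"
done
```

"affected-range" only means the upstream version falls in the listed range: distributions can ship a patched build without changing the banner, so confirm against the installed package version and the vendor advisory. Call check_local to classify the binary on the current machine.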
Comments
Just do a software update on your Linux operating system.
The same goes for FreeBSD as well, and other BSD systems.
Same for Oracle Solaris.
This is the latest info.
Please check these links here! * This is important *
http://www.kb.cert.org/vuls/id/720951
http://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=720951&SearchOrder=4
Affected Home F-Secure products are: Key, Freedome and Lokki.
But they are already patched and don't require any user action.
http://www.f-secure.com/en/web/labs_global/fsc-2014-1
Please take note of these updates....
http://www.kb.cert.org/vuls/id/978508
http://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=978508&SearchOrder=4
https://www.openssl.org/news/secadv_20140605.txt
The link to the original author of the bug is here:
http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html
It's an OpenSSL bug, but different from the Heartbleed issue.
This is a less threatening, Man-In-The-Middle attack vector.
I noticed it too, and did not see anything on the News from the Lab.
Oops, make that 5.Jun.2014. I was off by a day.