I was reading about the Heartbleed vulnerability in OpenSSL, and on its official website they have a list which mentions that versions 1.0.1 to 1.0.1f are affected, as shown in the picture below. I have CentOS 6 installed on my server, updated to the latest versions available in the yum repository. redhat release -
The bug is in OpenSSL's implementation of the TLS/DTLS (transport layer security protocols) heartbeat extension (RFC 6520). When it is exploited, it leads to the leak of memory contents from the server to the client and from the client to the server.
Heartbleed (CVE-2014-0160): An overview of the problem and
The version of OpenSSL can be obtained by using the openssl version -a command. Versions of OpenSSL 1.0.1x that were built before April 7, 2014 are vulnerable. Versions of OpenSSL 1.0.1x that were
Apr 10, 2014
Check your OpenSSL version, you could be in for Heartbleed
Updating/Patching OpenSSL
First, you need to identify whether you are running servers with a vulnerable OpenSSL version; chances are you will be (see the official site for the version list). If you are, you must first patch OpenSSL to fix the main vulnerability (Heartbleed).
Heartbleed is a security vulnerability in OpenSSL software that lets a hacker access the memory of data servers. According to Netcraft, an Internet research firm, 500,000 Web sites could be affected.
While the Heartbleed bug isn't a flaw with certificates, passwords, or even the TLS protocol itself, the exploitation of the bug can lead to compromised private keys and other sensitive data. The Heartbleed bug is present in OpenSSL versions 1.0.1 through 1.0.1f as well as 1.0.2 beta.