A vulnerability in OpenSSL could allow a remote attacker to expose sensitive data, possibly including user authentication credentials and secret keys, through incorrect memory handling in the TLS heartbeat extension. This may allow an attacker to decrypt traffic or perform other attacks. OpenSSL version 1.0.1g resolves this vulnerability. The 1.0.0 and 0.9.8 branches are not vulnerable.
US-CERT recommends users and administrators review Vulnerability Note VU#720951 for additional information and mitigation details.
This product is provided subject to this Notification and this Privacy & Use policy.