Contributed by tbert on from the oh SSLeeping hearts dept.
In the short statement contained in the commit message, Theo de Raadt (deraadt@) noted that OpenSSH is unaffected.
Module name: www Changes by: email@example.com 2014/04/07 20:21:17 Modified files: . : errata53.html errata54.html errata55.html Log message: release patches for 5.3, 5.4, and upcoming 5.5: Missing bounds checking in OpenSSL's implementation of the TLS/DTLS heartbeat extension (RFC6520) which can result in a leak of memory contents. To get ahead of a misconception... this does not affect SSH at all...
As noted on the Heartbleed Bug website, recovery involves revoking, regenerating, and redistributing SSL materiel.
(Comments are closed)