The Heartbleed Bug - What versions of the OpenSSL are affected?

Neo · April 13, 2014, 12:28am

What versions of the OpenSSL are affected?

Status of different versions:

OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
OpenSSL 1.0.1g is NOT vulnerable
OpenSSL 1.0.0 branch is NOT vulnerable
OpenSSL 0.9.8 branch is NOT vulnerable

Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.

Neo · April 13, 2014, 12:40am

Also, you can test any server you use for the heartbleed bug at this excellent web site:

SSL Server Test

Vishal_dba · April 20, 2014, 8:52pm

If any of the oracle products use openssl library can we check if that is impacted?

Best regards,
Vishal

Neo · April 20, 2014, 11:47pm

You can easily Google terms like Oracle heartbleed to get an answer to your question.