Notice re OpenSSL cryptographic software (Heartbleed)

A serious problem has been identified in the OpenSSL cryptographic software library. This bug impacts the security of data on any system protected by the vulnerable versions of this software. Please note that only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected, including 1.0.1f and 1.0.2-beta1.

What action is Claranet taking to safeguard its customers:
Claranet is currently patching all servers within its own infrastructure and those of its managed application customers.
For Claranet managed hosting customers, Claranet advises that they contact its Support Desk and request this patching as soon as possible.
For Claranet colocation customers, Claranet strongly advises that they patch their servers.

What other action should affected users take:
Users affected by the bug are advised to upgrade to OpenSSL 1.0.1g.
For those users who are not able to immediately upgrade, they can alternatively recompile OpenSSL with DOPENSSL_NO_HEARTBEATS.
RedHat users should upgrade to the patched version of 1.0.1e.

Please note:
There is a small possibility that this bug may already have been exploited. For this reason, Claranet also recommends that new, private keys be generated, along with revocation and reissue of SSL certs for any affected customers and users.

Further information about this issue can be found at: http://heartbleed.com/

Leave a Reply