The fixed OpenSSL 1.01g is already available in source and for many platforms.
When they do become available for your platform, anyone using OpenSSL 1.01 or 1.02 must deploy the patched version as fast as possible.
You also need to have all your certificates re-issued.
During the vulnerability period, your private keys may have been exposed, and there is no way to tell that they were not exposed.
Note that the official Win32 binaries for 1.01g are not available yet (expect them soon), but the Indy team made Win32 and Win64 versions available.
Note that openSUSE did a backport of the patch to 1.01e for 12.3 and 13.1. Older openSUSE versions do not have updates for this issue, but you want to upgrade anything lower than 0.98 as those versions contain other serious vulnerabilities.
–jeroen
via
- Heartbleed Bug.
- Heartbleed: Serious OpenSSL zero day vulnerability revealed | ZDNet.
- OpenSSL.org.
- Critical crypto bug in OpenSSL opens two-thirds of the Web to eavesdropping | Ars Technica.
- Massive Security Bug In OpenSSL Could Affect A Huge Chunk Of The Internet | TechCrunch.
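
A version triage for the upgrade advice above, as an added example that is not part of the original post: it classifies the banner printed by `openssl version` (which writes the post's 1.01g as 1.0.1g), treating 1.0.1 through 1.0.1f and 1.0.2-beta1 as affected. The function names, status labels and sample banners are constructed for illustration; because distributions backport the fix, as openSUSE did to 1.01e, an affected-looking version still has to be checked against the vendor's package changelog.

```python
import re

# First line of `openssl version`, e.g. "OpenSSL 1.0.1e 11 Feb 2013".
VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-beta(\d+))?")


def heartbleed_status(banner):
    """Classify an `openssl version` banner with respect to Heartbleed.

    Returns one of (labels are this example's own):
      "fixed"                    - 1.0.1g or later
      "vulnerable-or-backported" - affected release number; a distribution
                                   may still have patched it in place
      "not-affected"             - branch older than 1.0.1 (no heartbeat code)
      "unknown"                  - banner not recognised
    """
    m = VERSION_RE.search(banner)
    if not m:
        return "unknown"
    branch = (int(m.group(1)), int(m.group(2)), int(m.group(3)))
    letter, beta = m.group(4), m.group(5)
    if branch < (1, 0, 1):
        return "not-affected"
    if branch == (1, 0, 1):
        # 1.0.1 (no letter) through 1.0.1f are affected; "g" carries the fix.
        return "vulnerable-or-backported" if letter < "g" else "fixed"
    if branch == (1, 0, 2):
        # Only the first 1.0.2 beta shipped with the bug.
        return "vulnerable-or-backported" if beta == "1" else "fixed"
    return "fixed"


def triage(inventory):
    """Group a {host: banner} inventory by status for follow-up."""
    groups = {}
    for host, banner in sorted(inventory.items()):
        groups.setdefault(heartbleed_status(banner), []).append(host)
    return groups


if __name__ == "__main__":
    # Constructed sample inventory, not data from any real system.
    sample = {
        "web01": "OpenSSL 1.0.1e 11 Feb 2013",
        "web02": "OpenSSL 1.0.1g 7 Apr 2014",
        "legacy": "OpenSSL 0.9.8y 5 Feb 2013",
    }
    for status, hosts in triage(sample).items():
        print(status, hosts)
```

Hosts in the `vulnerable-or-backported` group that turn out to be unpatched are the ones whose certificates need re-issuing after the upgrade.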
