A serious problem has been identified in the OpenSSL cryptographic software library. This bug impacts the security of data on any system protected by the vulnerable versions of this software. Please note that only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected, including 1.0.1f and 1.0.2-beta1.
What action is Claranet taking to safeguard its customers:
Claranet is currently patching all servers within its own infrastructure.
Claranet is also patching all servers for its managed application hosting customers.
For Claranet managed hosting customers, Claranet advises that if they use OpenSSL applications they apply patches as soon as possible. If you require assistance with this please contact our Service Desk.
For Claranet colocation customers, Claranet strongly advises customers patch their servers as soon as possible. If you require assistance with this please contact our Service Desk.
What other action should affected users take:
Users affected by the bug are advised to upgrade to OpenSSL 1.0.1g.
For those users who are not able to immediately upgrade, they can alternatively recompile OpenSSL with DOPENSSL_NO_HEARTBEATS.
RedHat users should upgrade to the patched version of 1.0.1e.
Please note:
There is a small possibility that this bug may already have been exploited. For this reason, Claranet also recommends that new, private keys be generated, along with revocation and reissue of SSL certs for any affected customers and users.
Further information about this issue can be found at: http://heartbleed.com/