Home / Security / Update on Heartbleed Vulnerability

Update on Heartbleed Vulnerability

A zero-day vulnerability nicknamed Heartbleed was announced Monday, revealing a bug in the popular OpenSSL software. The bug could potentially allow a third party to eavesdrop on communications encrypted over SSL/TLS.

At this time, A2 Hosting has patched OpenSSL on all of our shared and managed servers to a version which does not include the vulnerability. If you have an Unmanaged VPS, Cloud VPS, or Unmanged Flex Dedicated server, it is your responsibility to update your server to the latest OpenSSL version.

More specific information about the vulnerability can be found at heartbleed.com.

OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
OpenSSL 1.0.1g is NOT vulnerable
OpenSSL 1.0.0 branch is NOT vulnerable
OpenSSL 0.9.8 branch is NOT vulnerable

If you have any questions or need further assistance in upgrading your unmanaged server, please open a support ticket from my.a2hosting.com.

About Dave Matteson

David is a Lead Developer at A2 Hosting. He has been writing code professionally for nearly twenty years, and enjoys writing and reading about programming. David does his coding from his house in the woods with his wife and dogs

Check Also

A Beginner’s Guide To Understanding DDoS Attacks & How To Protect Your Site

As a webmaster, you’ve probably heard the term DDoS and DoS thrown around as a …