- Apr 09, 2014
- by Dave Matteson
A zero-day vulnerability nicknamed Heartbleed was announced Monday, revealing a bug in the popular OpenSSL software. The bug could potentially allow a third party to eavesdrop on communications encrypted over SSL/TLS.
At this time, A2 Hosting has patched OpenSSL on all of our shared and managed servers to a version which does not include the vulnerability. If you have an Unmanaged VPS, Cloud VPS, or Unmanged Flex Dedicated server, it is your responsibility to update your server to the latest OpenSSL version.
More specific information about the vulnerability can be found at heartbleed.com.
OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
OpenSSL 1.0.1g is NOT vulnerable
OpenSSL 1.0.0 branch is NOT vulnerable
OpenSSL 0.9.8 branch is NOT vulnerable
If you have any questions or need further assistance in upgrading your unmanaged server, please open a support ticket from my.a2hosting.com.