Over the last couple of days we’ve been receiving a lot of questions about Heartbleed / CVE-2014-0160 bug. Heartbleed is a bug in OpenSSL’s implementation of the TLS/DTLS heartbeat extension (RFC6520).
Not all versions of OpenSSL are affected:
- OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
- OpenSSL 1.0.1g is NOT vulnerable
- OpenSSL 1.0.0 branch is NOT vulnerable
- OpenSSL 0.9.8 branch is NOT vulnerable
As soon as we were made aware of the issue we began to verify the version of OpenSSL on Umbra Hosting servers. None of the Umbra Hosting shared or reseller servers were affected by the Heartbleed bug. A small number of dedicated server clients were affected. Clients with managed dedicated or VPS servers were patched.
If you have any further questions about the Heartbleed bug, please contact support