Biyou Ma
Community Member

Question:
What version of OpenSSL does VDS-TC 5.0 and 5.1 run, is it affected by the heartbleed vulnerability bug?

 

Answer:
VDS-TC 5.0 and 5.1 releases is running with OpenSSL 0.9.8 branch which according to http://heartbleed.com/ is not vulnerable.

Below please find some more details about the OpenSLL versions:
OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
OpenSSL 1.0.1g is NOT vulnerable
OpenSSL 1.0.0 branch is NOT vulnerable
OpenSSL 0.9.8 branch is NOT vulnerable

The known bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012.
OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.