OpenSSL Security issues

[Alan DeKok]

  This is a bad one:

http://heartbleed.com/

...
The Heartbleed bug allows anyone on the Internet to read the memory of
the systems protected by the vulnerable versions of the OpenSSL software.
...

* OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
* OpenSSL 1.0.1g is NOT vulnerable
* OpenSSL 0.9.8 branch is NOT vulnerable

  Everyone using TLS methods with EAP are likely vulnerable.  Anyone
using RadSec is likely vulnerable.

  Please check which version of OpenSSL you are using.

  Alan DeKok.