CVE 2014-0160
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
ClearCenter response
Short response
This issue was fixed in the backported fixes of versions of openssl 1.0.1-16.el6_5.7 and later.
Long response
This bug was introduced in ClearOS version 6.5 and was fixed in updates shortly after the announcement of the bug. This issue does not exist in any previous or later version of ClearOS.
Resolution
If you are running ClearOS 6.5, please ensure that you are running the latest updates:
yum update
You may also validate your version by running:
rpm -qi openssl
You should validate that you are running openssl 1.0.1-16.el6_5.7 or later.