OpenSSL 1.0.1g and/or GNUTLS 3.3.0 is recommended to fix this.
Afterwards you should start password updates and read up into locking down SSH accessibility if necessary, and check firewalls, run anti-malware tools, and other security checks as needed to be safe. This was a bad bug so don't take any chances.
|