Effective Date: Apr 10 2014
Product: OpenSSL 1.0.1 through 1.0.1f
Platform: Linux, *BSD

The OpenSSL cryptographic library contains a bug allowing exposure of information. This library is used in web protocols to encrypt traffic and protect data (for example, banking and credit card data, web authentication, and email). This bug allows an attacker to effectively eavesdrop on communications and steal data directly from services and users, as well as impersonation. OpenSSL is also used in other programs/services, such as email clients, instant messaging, and virtual private networks. Fortunately, there are patches available.

If you run a Fermilab webserver you must:
- Patch to OpenSSL 1.0.1g at a minimum and restart SSL-enabled services

If the service is exposed to the Internet, this must be patched by April 10th. If it is internal (that is, accessible only from Fermilab), it must be patched by April 30th.