Though SpyderMail is not susceptible to this bug, we want to provide a bit of information on it for our clients, and link to more information and resources.
This bug is a very serious vulnerability in OpenSSL. This cryptographic software library is very popular and is used around the world.
The problem is that the weakness allows access & theft of information that would normally be protected by the SSL/TLS encryption used to secure the Internet.
What versions of the OpenSSL are affected?
Status of different versions:
OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
OpenSSL 1.0.1g is NOT vulnerable
OpenSSL 1.0.0 branch is NOT vulnerable
OpenSSL 0.9.8 branch is NOT vulnerable
Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012.
OpenSSL 1.0.1g released on the 7th of April 2014, fixes the bug.
* We are providing the above links as a resource for reference purposes only. These sites are not owned or affliated with SpyderMail – please use at your own risk.