Contributed by tbert on 2014-04-08 from the oh SSLeeping hearts dept.

Patches for the so called heartbleed OpenSSL bug have been released by the OpenBSD project for OpenBSD 5.3-stable, OpenBSD 5.4-stable and OpenBSD 5.5

In the short statement contained in the commit message, Theo de Raadt (deraadt@) noted that OpenSSH is unaffected.

Module name: www Changes by: deraadt@cvs.openbsd.org 2014/04/07 20:21:17 Modified files: . : errata53.html errata54.html errata55.html Log message: release patches for 5.3, 5.4, and upcoming 5.5: Missing bounds checking in OpenSSL's implementation of the TLS/DTLS heartbeat extension (RFC6520) which can result in a leak of memory contents. To get ahead of a misconception... this does not affect SSH at all...

As noted on the Heartbleed Bug website, recovery involves revoking, regenerating, and redistributing SSL materiel.