John Massarello
First Call Support Engineer

What is Heartbleed? If you work in IT, you have probably been inundated with information from colleagues, concerns from management, and questions from users. Heartbleed is the result of exploiting a bug in the OpenSSL cryptographic library’s implementation of the TLS/DTLS heartbeat extension, which allows memory to leak from the server to the client and vice versa. It was purportedly discovered on April 1, 2014, and a new version, with the security hole closed, was released on April 7, 2014. Looking beyond the controversy over when it was actually discovered and how quickly everyone affected will release new versions or patches to address this bug, let’s take a look at how the OpenSSL security vulnerability has affected your VMware environment.

The Heartbleed bug is found in OpenSSL versions 1.0.1 through 1.0.1f. VMware has been keeping a running list of the affected products, as well as those products that are not affected, in KB 2076225.

For information specific to ESXi 5.5 and ESXi 5.5 Update 1, see KB 2076665.

Information for all affected products, with links to their respective knowledge base articles, can be found in the VMware Security Advisory VMSA-2014-0004.
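
The affected range given above (OpenSSL 1.0.1 through 1.0.1f) can be checked mechanically across a host inventory. The script below is an added example, not code from this post or from VMware; the inventory format (host, tab, `openssl version` banner), the function names, and the sample hosts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag hosts whose reported OpenSSL version falls in the
# range the post gives for Heartbleed, 1.0.1 through 1.0.1f.
LC_ALL=C; export LC_ALL

# heartbleed_status BANNER -> prints affected | not-affected | unknown
# BANNER is a bare version ("1.0.1e") or `openssl version` output
# ("OpenSSL 1.0.1e-fips 11 Feb 2013").
heartbleed_status() {
    # Take the first x.y.z[letters] token; build tags such as "-fips" are dropped.
    ver=$(printf '%s\n' "$1" |
          sed -nE 's/^[^0-9]*([0-9]+\.[0-9]+\.[0-9]+[a-z]*).*/\1/p' | head -n 1)
    case "$ver" in
        '')                   echo unknown ;;       # no parsable version
        1.0.1|1.0.1[abcdef])  echo affected ;;      # 1.0.1 through 1.0.1f
        *)                    echo not-affected ;;  # outside the post's range
    esac
}

# scan_inventory: read "host<TAB>banner" lines on stdin and print one
# "host<TAB>status" line for every host that is affected or unknown.
scan_inventory() {
    tab=$(printf '\t')
    while IFS="$tab" read -r host banner; do
        [ -n "$host" ] || continue
        status=$(heartbleed_status "$banner")
        [ "$status" = not-affected ] || printf '%s\t%s\n' "$host" "$status"
    done
}

# Constructed sample inventory (host names and banners are made up).
sample_inventory() {
    printf 'web01\tOpenSSL 1.0.1e-fips 11 Feb 2013\n'
    printf 'web02\tOpenSSL 1.0.1g 7 Apr 2014\n'
    printf 'db01\tOpenSSL 0.9.8y 5 Feb 2013\n'
    printf 'app01\tOpenSSL 1.0.1 14 Mar 2012\n'
    printf 'lb01\tcommand not found\n'
}

sample_inventory | scan_inventory
```

Distribution packages often backport the fix without changing the upstream version string, so an "affected" result is a prompt to check the vendor's advisory for that exact build rather than proof of exposure.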