UPDATE as of 8:09am PDT (15:09 UTC) on 21-June-2014 - New fixed OpenSSL package now available in 2013Q2 repository UPDATE as of 8:30am PDT (15:30 UTC) on 20-June-2014 - See section below regarding 2013Q2 repository RESOLVED - UPDATE as of 11:30am PDT (18:30 UTC) on 09-June-2014 This notice is to advise Joyent Public Cloud (JPC) and SmartDataCenter (SDC) customers of the recently-identified Open SSL security issue CVE-2014-0224 (https://www.openssl.org/news/secadv_20140605.txt). SmartOS users If you use the images with their original pkgsrc repositories as intended, check which package repository your image uses by looking at /opt/local/etc/pkgin/repositories.

This notice is to advise Joyent Public Cloud and Smart Data Center customers of the recently identified Open SSL security issue openssl CVE-2014-0160 (https://www.openssl.org/news/secadv_20140407.txt and http://heartbleed.com). SmartOS users If you use the images with their original pkgsrc repositories as intended, check which package repository your image uses by looking at /opt/local/etc/pkgin/repositories.conf. If your repository is any of the following, and you have installed the openssl package using pkgin, you are vulnerable: