Yesterday a security vulnerability in OpenSSL was identified and patched. Known as the Heartbleed bug, or CVE-2014-0160, this vulnerability potentially affects a large number of online services which utilize specific version of OpenSSL. Full details can be found at http://heartbleed.com/
At Microsoft Open Technologies, Inc. we immediately took the proactive step of notifying all publishers of VM Depot images of the vulnerability. We requested that they review the details of the vulnerability and, where appropriate, they updated their VM Depot published images. All notifications were sent out between 0100 and 0130 April 8th (Pacific Time).
We are pleased to report that a number of publishers have confirmed their images are not vulnerable, and in addition many images have already been updated. We would like to thank our publishers for being responsible and responding quickly to this vulnerability.
If you are running OpenSSL on a virtual machine created from a VM Depot image, please update your VM in order to protect your machine from the Heartbleed bug. Use the links below to learn details for individual distros: